diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30706.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30706.json
new file mode 100644
index 00000000000..e157b72132b
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30706.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30706",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:11.063",
+ "lastModified": "2023-09-06T04:15:11.063",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30707.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30707.json
new file mode 100644
index 00000000000..6581db17e53
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30707.json
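Review bot: CVE-2023-30706, like the other records in this batch through CVE-2023-30729, carries no `configurations` block, so the only statement of what is affected is the free-text `prior to SMR Sep-2023 Release 1` (or an app version) inside `descriptions`. With `"vulnStatus": "Received"` and only a CNA-supplied `"type": "Secondary"` metric, consumers that match on CPE or filter on NVD-assigned scores will presumably see nothing for these IDs until analysis completes. Scanners and triage rules built on this feed should fall back to the linked Samsung bulletin for version scoping and re-evaluate these entries when `lastModified` changes.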
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30707",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:11.520",
+ "lastModified": "2023-09-06T04:15:11.520",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30708.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30708.json
new file mode 100644
index 00000000000..099261ddb52
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30708.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30708",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:11.627",
+ "lastModified": "2023-09-06T04:15:11.627",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30709.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30709.json
new file mode 100644
index 00000000000..c9d87102688
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30709.json
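Review bot: The impact metrics in CVE-2023-30708 do not line up with its description: the text describes an authentication bypass that grants access to Captive Portal Wi-Fi under Reactivation Lock, yet the vector is `C:N/I:N/A:H`, an availability-only impact. The same kind of mismatch shows up in CVE-2023-30722 (description says "execute arbitrary code", vector `C:N/I:H/A:N`) and in CVE-2023-30723 (description says "write arbitrary file", vector `C:H/I:N/A:N` with `"integrityImpact": "NONE"`). These are CNA-supplied scores, so the values may be as Samsung published them, but anyone prioritising on `baseScore` should read the description alongside the vector and confirm against the vendor bulletin before accepting the MEDIUM rating.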
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30709",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:11.833",
+ "lastModified": "2023-09-06T04:15:11.833",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.9,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30710.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30710.json
new file mode 100644
index 00000000000..187ee40aa0f
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30710.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30710",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:12.220",
+ "lastModified": "2023-09-06T04:15:12.220",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.3
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30711.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30711.json
new file mode 100644
index 00000000000..89ee95eb5f9
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30711.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30711",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:12.570",
+ "lastModified": "2023-09-06T04:15:12.570",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30712.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30712.json
new file mode 100644
index 00000000000..3d2184fb832
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30712.json
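Review bot: The description of CVE-2023-30711 reads `Phone and Messaging Storage SMR SEP-2023 Release 1`, without the `prior to` that the other SMR records in this batch use, so as written it names the fixing release as the affected one. If the vendor bulletin confirms the intent, the phrase should read `Phone and Messaging Storage prior to SMR Sep-2023 Release 1`. Because these records have no structured version data, tooling or analysts that scope exposure from the free text could misjudge which devices are patched until the wording is corrected upstream.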
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30712",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:13.007",
+ "lastModified": "2023-09-06T04:15:13.007",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30713.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30713.json
new file mode 100644
index 00000000000..54589b58214
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30713.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30713",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:13.383",
+ "lastModified": "2023-09-06T04:15:13.383",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30714.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30714.json
new file mode 100644
index 00000000000..190cf9ca82e
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30714.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30714",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:13.740",
+ "lastModified": "2023-09-06T04:15:13.740",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30715.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30715.json
new file mode 100644
index 00000000000..11553d166cf
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30715.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30715",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:14.080",
+ "lastModified": "2023-09-06T04:15:14.080",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30716.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30716.json
new file mode 100644
index 00000000000..c0d4958c28f
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30716.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30716",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:14.283",
+ "lastModified": "2023-09-06T04:15:14.283",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30717.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30717.json
new file mode 100644
index 00000000000..d966bcf6e66
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30717.json
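Review bot: The weakness mapping in CVE-2023-30716 is `"value": "CWE-269"` although the description says "Improper access control", which CVE-2023-30715 in the same batch maps to `CWE-284`. CVE-2023-30717 has the same issue more visibly: its description is "Sensitive information exposure" but it also carries `CWE-269`, whereas CVE-2023-30719 uses `"value": "CWE-200"` for that class. These are CNA assignments and may be corrected during NVD analysis, but until then CWE-based dashboards and detection coverage maps will file both SVCAgent issues under privilege management rather than access control and information disclosure.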
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30717",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:14.467",
+ "lastModified": "2023-09-06T04:15:14.467",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30718.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30718.json
new file mode 100644
index 00000000000..a464ed569ad
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30718.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30718",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:14.640",
+ "lastModified": "2023-09-06T04:15:14.640",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-926"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30719.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30719.json
new file mode 100644
index 00000000000..1c207cdcb45
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30719.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30719",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:14.860",
+ "lastModified": "2023-09-06T04:15:14.860",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30720.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30720.json
new file mode 100644
index 00000000000..59329c352f3
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30720.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30720",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:15.067",
+ "lastModified": "2023-09-06T04:15:15.067",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30721.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30721.json
new file mode 100644
index 00000000000..5bd7e875659
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30721.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30721",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:15.263",
+ "lastModified": "2023-09-06T04:15:15.263",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30722.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30722.json
new file mode 100644
index 00000000000..6936b38b240
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30722.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30722",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:15.493",
+ "lastModified": "2023-09-06T04:15:15.493",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-693"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30723.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30723.json
new file mode 100644
index 00000000000..7c21d0f05ea
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30723.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30723",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:15.703",
+ "lastModified": "2023-09-06T04:15:15.703",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30724.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30724.json
new file mode 100644
index 00000000000..9f4208c1e0b
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30724.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30724",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:15.987",
+ "lastModified": "2023-09-06T04:15:15.987",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30725.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30725.json
new file mode 100644
index 00000000000..edb47d59cbf
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30725.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30725",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:16.277",
+ "lastModified": "2023-09-06T04:15:16.277",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30726.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30726.json
new file mode 100644
index 00000000000..62e1f8cc2fb
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30726.json
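Review bot: The component name in the CVE-2023-30725 description, `LocalProvier`, looks like a misspelling of `LocalProvider`; that is an inference from the sibling record CVE-2023-30724 naming `GallerySearchProvider` in the same app, and should be confirmed against the Samsung bulletin. Since the record has no structured component or CPE data, the free-text name is the only handle for searching or correlating with app manifests, and a misspelt name will not match. The description also mentions only read access ("access the data in content provider") while the vector includes `I:L`, which is worth checking at the same time.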
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30726",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-09-06T04:15:16.470",
+ "lastModified": "2023-09-06T04:15:16.470",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5 allows local attackers to access data."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30728.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30728.json
new file mode 100644
index 00000000000..be180f7adcf
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30728.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-30728", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-09-06T04:15:16.673", + "lastModified": "2023-09-06T04:15:16.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vulnerability requires user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30729.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30729.json new file mode 100644 index 00000000000..85b11c0d68b --- /dev/null +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30729.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-30729", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-09-06T04:15:16.890", + "lastModified": "2023-09-06T04:15:16.890", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30730.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30730.json new file mode 100644 index 00000000000..300b7d3b268 --- /dev/null +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30730.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-30730", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-09-06T04:15:17.130", + "lastModified": "2023-09-06T04:15:17.130", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to access specific file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-321xx/CVE-2023-32162.json b/CVE-2023/CVE-2023-321xx/CVE-2023-32162.json new file mode 100644 index 00000000000..cccdf159908 --- /dev/null +++ b/CVE-2023/CVE-2023-321xx/CVE-2023-32162.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32162", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2023-09-06T05:15:42.243", + "lastModified": "2023-09-06T05:15:42.243", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the WacomInstallI.txt file by the PrefUtil.exe utility. The issue results from incorrect permissions on the WacomInstallI.txt file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16318." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-741", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-321xx/CVE-2023-32163.json b/CVE-2023/CVE-2023-321xx/CVE-2023-32163.json new file mode 100644 index 00000000000..bc67721afd7 --- /dev/null +++ b/CVE-2023/CVE-2023-321xx/CVE-2023-32163.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32163", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2023-09-06T05:15:42.347", + "lastModified": "2023-09-06T05:15:42.347", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-742", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3471.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3471.json new file mode 100644 index 00000000000..4a00bd9e0d0 --- /dev/null 
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3471.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3471", + "sourceIdentifier": "product-security@gg.jp.panasonic.com", + "published": "2023-09-06T05:15:42.520", + "lastModified": "2023-09-06T05:15:42.520", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@gg.jp.panasonic.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "product-security@gg.jp.panasonic.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://www3.panasonic.biz/ac/e/fasys/software_info/eco/kwwatcher_versioninfo.jsp", + "source": "product-security@gg.jp.panasonic.com" + }, + { + "url": "https://www3.panasonic.biz/ac/j/fasys/software_info/eco/tol_kwwatcher.jsp", + "source": "product-security@gg.jp.panasonic.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3472.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3472.json new file mode 100644 index 00000000000..6af7686260d --- /dev/null +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3472.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3472", + "sourceIdentifier": "product-security@gg.jp.panasonic.com", + "published": "2023-09-06T05:15:42.613", + "lastModified": "2023-09-06T05:15:42.613", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@gg.jp.panasonic.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "product-security@gg.jp.panasonic.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://www3.panasonic.biz/ac/e/fasys/software_info/eco/kwwatcher_versioninfo.jsp", + "source": "product-security@gg.jp.panasonic.com" + }, + { + "url": "https://www3.panasonic.biz/ac/j/fasys/software_info/eco/tol_kwwatcher.jsp", + "source": "product-security@gg.jp.panasonic.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35719.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35719.json new file mode 100644 index 00000000000..c6e5376bfe4 --- /dev/null +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35719.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-35719", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2023-09-06T05:15:42.437", + "lastModified": "2023-09-06T05:15:42.437", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-345" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-891", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4773.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4773.json new file mode 100644 index 00000000000..f2d134f45bc --- /dev/null 
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4773.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4773", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-09-06T04:15:17.377", + "lastModified": "2023-09-06T04:15:17.377", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wordpress-social-login/tags/3.0.4/includes/widgets/wsl.auth.widgets.php#L413", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b987822d-2b1b-4f79-988b-4bd731864b63?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 993da49ade7..937de828904 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-06T04:00:25.174226+00:00 +2023-09-06T06:00:24.546635+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-06T03:15:11.807000+00:00 +2023-09-06T05:15:42.613000+00:00 ``` ### Last Data Feed Release 
@@ -29,48 +29,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -224285 +224315 ``` ### CVEs added in the last Commit -Recently added CVEs: `25` +Recently added CVEs: `30` -* [CVE-2022-32920](CVE-2022/CVE-2022-329xx/CVE-2022-32920.json) (`2023-09-06T02:15:07.873`) -* [CVE-2023-27950](CVE-2023/CVE-2023-279xx/CVE-2023-27950.json) (`2023-09-06T02:15:08.280`) -* [CVE-2023-28187](CVE-2023/CVE-2023-281xx/CVE-2023-28187.json) (`2023-09-06T02:15:08.340`) -* [CVE-2023-28188](CVE-2023/CVE-2023-281xx/CVE-2023-28188.json) (`2023-09-06T02:15:08.393`) -* [CVE-2023-28195](CVE-2023/CVE-2023-281xx/CVE-2023-28195.json) (`2023-09-06T02:15:08.447`) -* [CVE-2023-28208](CVE-2023/CVE-2023-282xx/CVE-2023-28208.json) (`2023-09-06T02:15:08.497`) -* [CVE-2023-28209](CVE-2023/CVE-2023-282xx/CVE-2023-28209.json) (`2023-09-06T02:15:08.550`) -* [CVE-2023-28210](CVE-2023/CVE-2023-282xx/CVE-2023-28210.json) (`2023-09-06T02:15:08.600`) -* [CVE-2023-28211](CVE-2023/CVE-2023-282xx/CVE-2023-28211.json) (`2023-09-06T02:15:08.653`) -* [CVE-2023-28212](CVE-2023/CVE-2023-282xx/CVE-2023-28212.json) (`2023-09-06T02:15:08.703`) -* [CVE-2023-28213](CVE-2023/CVE-2023-282xx/CVE-2023-28213.json) (`2023-09-06T02:15:08.757`) -* [CVE-2023-28214](CVE-2023/CVE-2023-282xx/CVE-2023-28214.json) (`2023-09-06T02:15:08.807`) -* [CVE-2023-28215](CVE-2023/CVE-2023-282xx/CVE-2023-28215.json) (`2023-09-06T02:15:08.857`) -* [CVE-2023-29166](CVE-2023/CVE-2023-291xx/CVE-2023-29166.json) (`2023-09-06T02:15:08.910`) -* [CVE-2023-32356](CVE-2023/CVE-2023-323xx/CVE-2023-32356.json) (`2023-09-06T02:15:08.967`) -* [CVE-2023-32362](CVE-2023/CVE-2023-323xx/CVE-2023-32362.json) (`2023-09-06T02:15:09.017`) -* [CVE-2023-32370](CVE-2023/CVE-2023-323xx/CVE-2023-32370.json) (`2023-09-06T02:15:09.070`) -* [CVE-2023-32379](CVE-2023/CVE-2023-323xx/CVE-2023-32379.json) (`2023-09-06T02:15:09.120`) -* [CVE-2023-32425](CVE-2023/CVE-2023-324xx/CVE-2023-32425.json) 
(`2023-09-06T02:15:09.177`) -* [CVE-2023-32426](CVE-2023/CVE-2023-324xx/CVE-2023-32426.json) (`2023-09-06T02:15:09.223`) -* [CVE-2023-32428](CVE-2023/CVE-2023-324xx/CVE-2023-32428.json) (`2023-09-06T02:15:09.270`) -* [CVE-2023-32432](CVE-2023/CVE-2023-324xx/CVE-2023-32432.json) (`2023-09-06T02:15:09.327`) -* [CVE-2023-32438](CVE-2023/CVE-2023-324xx/CVE-2023-32438.json) (`2023-09-06T02:15:09.383`) -* [CVE-2023-34352](CVE-2023/CVE-2023-343xx/CVE-2023-34352.json) (`2023-09-06T02:15:09.440`) -* [CVE-2023-4719](CVE-2023/CVE-2023-47xx/CVE-2023-4719.json) (`2023-09-06T02:15:09.500`) +* [CVE-2023-30711](CVE-2023/CVE-2023-307xx/CVE-2023-30711.json) (`2023-09-06T04:15:12.570`) +* [CVE-2023-30712](CVE-2023/CVE-2023-307xx/CVE-2023-30712.json) (`2023-09-06T04:15:13.007`) +* [CVE-2023-30713](CVE-2023/CVE-2023-307xx/CVE-2023-30713.json) (`2023-09-06T04:15:13.383`) +* [CVE-2023-30714](CVE-2023/CVE-2023-307xx/CVE-2023-30714.json) (`2023-09-06T04:15:13.740`) +* [CVE-2023-30715](CVE-2023/CVE-2023-307xx/CVE-2023-30715.json) (`2023-09-06T04:15:14.080`) +* [CVE-2023-30716](CVE-2023/CVE-2023-307xx/CVE-2023-30716.json) (`2023-09-06T04:15:14.283`) +* [CVE-2023-30717](CVE-2023/CVE-2023-307xx/CVE-2023-30717.json) (`2023-09-06T04:15:14.467`) +* [CVE-2023-30718](CVE-2023/CVE-2023-307xx/CVE-2023-30718.json) (`2023-09-06T04:15:14.640`) +* [CVE-2023-30719](CVE-2023/CVE-2023-307xx/CVE-2023-30719.json) (`2023-09-06T04:15:14.860`) +* [CVE-2023-30720](CVE-2023/CVE-2023-307xx/CVE-2023-30720.json) (`2023-09-06T04:15:15.067`) +* [CVE-2023-30721](CVE-2023/CVE-2023-307xx/CVE-2023-30721.json) (`2023-09-06T04:15:15.263`) +* [CVE-2023-30722](CVE-2023/CVE-2023-307xx/CVE-2023-30722.json) (`2023-09-06T04:15:15.493`) +* [CVE-2023-30723](CVE-2023/CVE-2023-307xx/CVE-2023-30723.json) (`2023-09-06T04:15:15.703`) +* [CVE-2023-30724](CVE-2023/CVE-2023-307xx/CVE-2023-30724.json) (`2023-09-06T04:15:15.987`) +* [CVE-2023-30725](CVE-2023/CVE-2023-307xx/CVE-2023-30725.json) (`2023-09-06T04:15:16.277`) +* 
[CVE-2023-30726](CVE-2023/CVE-2023-307xx/CVE-2023-30726.json) (`2023-09-06T04:15:16.470`) +* [CVE-2023-30728](CVE-2023/CVE-2023-307xx/CVE-2023-30728.json) (`2023-09-06T04:15:16.673`) +* [CVE-2023-30729](CVE-2023/CVE-2023-307xx/CVE-2023-30729.json) (`2023-09-06T04:15:16.890`) +* [CVE-2023-30730](CVE-2023/CVE-2023-307xx/CVE-2023-30730.json) (`2023-09-06T04:15:17.130`) +* [CVE-2023-4773](CVE-2023/CVE-2023-47xx/CVE-2023-4773.json) (`2023-09-06T04:15:17.377`) +* [CVE-2023-32162](CVE-2023/CVE-2023-321xx/CVE-2023-32162.json) (`2023-09-06T05:15:42.243`) +* [CVE-2023-32163](CVE-2023/CVE-2023-321xx/CVE-2023-32163.json) (`2023-09-06T05:15:42.347`) +* [CVE-2023-35719](CVE-2023/CVE-2023-357xx/CVE-2023-35719.json) (`2023-09-06T05:15:42.437`) +* [CVE-2023-3471](CVE-2023/CVE-2023-34xx/CVE-2023-3471.json) (`2023-09-06T05:15:42.520`) +* [CVE-2023-3472](CVE-2023/CVE-2023-34xx/CVE-2023-3472.json) (`2023-09-06T05:15:42.613`) ### CVEs modified in the last Commit -Recently modified CVEs: `4` +Recently modified CVEs: `0` -* [CVE-2020-21426](CVE-2020/CVE-2020-214xx/CVE-2020-21426.json) (`2023-09-06T03:15:10.613`) -* [CVE-2020-21427](CVE-2020/CVE-2020-214xx/CVE-2020-21427.json) (`2023-09-06T03:15:11.547`) -* [CVE-2020-21428](CVE-2020/CVE-2020-214xx/CVE-2020-21428.json) (`2023-09-06T03:15:11.657`) -* [CVE-2020-22524](CVE-2020/CVE-2020-225xx/CVE-2020-22524.json) (`2023-09-06T03:15:11.807`) ## Download and Usage