From f52c365025e793bcf433c2483ef3b88f789527d8 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 13 Jul 2023 02:00:54 +0000 Subject: [PATCH] Auto-Update: 2023-07-13T02:00:50.875669+00:00 --- CVE-2021/CVE-2021-09xx/CVE-2021-0948.json | 20 ++++ CVE-2022/CVE-2022-485xx/CVE-2022-48510.json | 71 +++++++++++++- CVE-2022/CVE-2022-485xx/CVE-2022-48511.json | 71 +++++++++++++- CVE-2022/CVE-2022-485xx/CVE-2022-48512.json | 71 +++++++++++++- CVE-2022/CVE-2022-485xx/CVE-2022-48513.json | 101 +++++++++++++++++++- CVE-2022/CVE-2022-485xx/CVE-2022-48514.json | 61 +++++++++++- CVE-2022/CVE-2022-485xx/CVE-2022-48515.json | 91 +++++++++++++++++- CVE-2023/CVE-2023-209xx/CVE-2023-20910.json | 22 +++-- CVE-2023/CVE-2023-209xx/CVE-2023-20918.json | 32 +++++++ CVE-2023/CVE-2023-209xx/CVE-2023-20942.json | 32 +++++++ CVE-2023/CVE-2023-211xx/CVE-2023-21145.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21238.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21239.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21240.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21241.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21243.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21245.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21246.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21247.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21248.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21249.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21250.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21251.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21254.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21255.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21256.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21257.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21260.json | 20 ++++ CVE-2023/CVE-2023-212xx/CVE-2023-21261.json | 24 +++++ CVE-2023/CVE-2023-212xx/CVE-2023-21262.json | 24 +++++ CVE-2023/CVE-2023-213xx/CVE-2023-21399.json | 20 ++++ CVE-2023/CVE-2023-214xx/CVE-2023-21400.json | 20 ++++ CVE-2023/CVE-2023-223xx/CVE-2023-22365.json | 58 ++++++++++- CVE-2023/CVE-2023-235xx/CVE-2023-23547.json | 71 +++++++++++++- CVE-2023/CVE-2023-237xx/CVE-2023-23787.json | 47 ++++++++- CVE-2023/CVE-2023-238xx/CVE-2023-23804.json | 59 +++++++++++- CVE-2023/CVE-2023-238xx/CVE-2023-23869.json | 47 ++++++++- CVE-2023/CVE-2023-238xx/CVE-2023-23897.json | 47 ++++++++- CVE-2023/CVE-2023-239xx/CVE-2023-23993.json | 47 ++++++++- CVE-2023/CVE-2023-243xx/CVE-2023-24395.json | 47 ++++++++- CVE-2023/CVE-2023-244xx/CVE-2023-24405.json | 47 ++++++++- CVE-2023/CVE-2023-244xx/CVE-2023-24496.json | 47 ++++++++- CVE-2023/CVE-2023-244xx/CVE-2023-24497.json | 47 ++++++++- CVE-2023/CVE-2023-254xx/CVE-2023-25478.json | 47 ++++++++- CVE-2023/CVE-2023-306xx/CVE-2023-30675.json | 61 +++++++++++- CVE-2023/CVE-2023-306xx/CVE-2023-30676.json | 61 +++++++++++- CVE-2023/CVE-2023-306xx/CVE-2023-30677.json | 61 +++++++++++- CVE-2023/CVE-2023-306xx/CVE-2023-30678.json | 69 ++++++++++++- CVE-2023/CVE-2023-341xx/CVE-2023-34123.json | 36 +++++++ CVE-2023/CVE-2023-341xx/CVE-2023-34124.json | 36 +++++++ CVE-2023/CVE-2023-341xx/CVE-2023-34125.json | 36 +++++++ CVE-2023/CVE-2023-341xx/CVE-2023-34126.json | 36 +++++++ CVE-2023/CVE-2023-341xx/CVE-2023-34127.json | 36 +++++++ CVE-2023/CVE-2023-341xx/CVE-2023-34128.json | 36 +++++++ CVE-2023/CVE-2023-356xx/CVE-2023-35691.json | 20 ++++ CVE-2023/CVE-2023-356xx/CVE-2023-35693.json | 24 +++++ CVE-2023/CVE-2023-356xx/CVE-2023-35694.json | 20 ++++ README.md | 81 ++++++++++------ 58 files changed, 2197 insertions(+), 115 deletions(-) create mode 100644 CVE-2021/CVE-2021-09xx/CVE-2021-0948.json create mode 100644 CVE-2023/CVE-2023-209xx/CVE-2023-20918.json create mode 100644 CVE-2023/CVE-2023-209xx/CVE-2023-20942.json create mode 100644 CVE-2023/CVE-2023-211xx/CVE-2023-21145.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21238.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21239.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21240.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21241.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21243.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21245.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21246.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21247.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21248.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21249.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21250.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21251.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21254.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21255.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21256.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21257.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21260.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21261.json create mode 100644 CVE-2023/CVE-2023-212xx/CVE-2023-21262.json create mode 100644 CVE-2023/CVE-2023-213xx/CVE-2023-21399.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21400.json create mode 100644 CVE-2023/CVE-2023-341xx/CVE-2023-34123.json create mode 100644 CVE-2023/CVE-2023-341xx/CVE-2023-34124.json create mode 100644 CVE-2023/CVE-2023-341xx/CVE-2023-34125.json create mode 100644 CVE-2023/CVE-2023-341xx/CVE-2023-34126.json create mode 100644 CVE-2023/CVE-2023-341xx/CVE-2023-34127.json create mode 100644 CVE-2023/CVE-2023-341xx/CVE-2023-34128.json create mode 100644 CVE-2023/CVE-2023-356xx/CVE-2023-35691.json create mode 100644 CVE-2023/CVE-2023-356xx/CVE-2023-35693.json create mode 100644 CVE-2023/CVE-2023-356xx/CVE-2023-35694.json diff --git a/CVE-2021/CVE-2021-09xx/CVE-2021-0948.json b/CVE-2021/CVE-2021-09xx/CVE-2021-0948.json new file mode 100644 index 00000000000..d5ec8acae04 --- /dev/null +++ b/CVE-2021/CVE-2021-09xx/CVE-2021-0948.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2021-0948", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.133", + "lastModified": "2023-07-13T00:15:23.133", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48510.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48510.json index d5f44e3eeec..0bcb652c710 100644 --- a/CVE-2022/CVE-2022-485xx/CVE-2022-48510.json +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48510.json @@ -2,16 +2,49 @@ "id": "CVE-2022-48510", "sourceIdentifier": "psirt@huawei.com", "published": "2023-07-06T13:15:10.187", - "lastModified": "2023-07-06T14:27:22.657", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T01:28:03.890", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,14 +56,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/7/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48511.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48511.json index b5152a1d488..7f35a49236d 100644 --- a/CVE-2022/CVE-2022-485xx/CVE-2022-48511.json +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48511.json @@ -2,16 +2,49 @@ "id": "CVE-2022-48511", "sourceIdentifier": "psirt@huawei.com", "published": "2023-07-06T13:15:10.233", - "lastModified": "2023-07-06T14:27:22.657", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T01:26:08.630", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,14 +56,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/7/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48512.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48512.json index 19661f6eb7d..cea4697e945 100644 --- a/CVE-2022/CVE-2022-485xx/CVE-2022-48512.json +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48512.json @@ -2,16 +2,49 @@ "id": "CVE-2022-48512", "sourceIdentifier": "psirt@huawei.com", "published": "2023-07-06T13:15:10.280", - "lastModified": "2023-07-06T14:27:22.657", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T01:07:21.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,14 +56,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/7/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48513.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48513.json index 34754f42792..d988893f4c3 100644 --- a/CVE-2022/CVE-2022-485xx/CVE-2022-48513.json +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48513.json @@ -2,16 +2,49 @@ "id": "CVE-2022-48513", "sourceIdentifier": "psirt@huawei.com", "published": "2023-07-06T13:15:10.330", - "lastModified": "2023-07-06T14:27:22.657", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T00:58:46.147", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,14 +56,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/7/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48514.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48514.json index 43c8c96ac23..0fbac497cbe 100644 --- a/CVE-2022/CVE-2022-485xx/CVE-2022-48514.json +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48514.json @@ -2,16 +2,49 @@ "id": "CVE-2022-48514", "sourceIdentifier": "psirt@huawei.com", "published": "2023-07-06T13:15:10.377", - "lastModified": "2023-07-06T14:27:22.657", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T01:02:11.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Sepolicy module has inappropriate permission control on the use of Netlink.Successful exploitation of this vulnerability may affect confidentiality." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,10 +56,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + } + ] + } + ] + } + ], "references": [ { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48515.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48515.json index 26604fd8a98..5a0c2bb1df3 100644 --- a/CVE-2022/CVE-2022-485xx/CVE-2022-48515.json +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48515.json @@ -2,16 +2,49 @@ "id": "CVE-2022-48515", "sourceIdentifier": "psirt@huawei.com", "published": "2023-07-06T13:15:10.427", - "lastModified": "2023-07-06T14:27:22.657", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T01:05:49.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,14 +56,62 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/7/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20910.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20910.json index 809aae7ae08..71b12ef8e06 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20910.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20910.json @@ -2,12 +2,12 @@ "id": "CVE-2023-20910", "sourceIdentifier": "security@android.com", "published": "2023-03-24T20:15:09.113", - "lastModified": "2023-03-29T14:59:51.350", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-13T00:15:23.223", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "In addNetworkSuggestions of WifiManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-245299920" + "value": "In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], "metrics": { @@ -80,12 +80,16 @@ ], "references": [ { - "url": "https://source.android.com/security/bulletin/2023-03-01", - "source": "security@android.com", - "tags": [ - "Patch", - "Vendor Advisory" - ] + "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/8827591ae680c4d0bd0e373d4ca20cb35f53faa6", + "source": "security@android.com" + }, + { + "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/d7df9d633c2726fa2bee8739c9ba274f300e1ea9", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20918.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20918.json new file mode 100644 index 00000000000..8987ff35be0 --- /dev/null +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20918.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-20918", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.317", + "lastModified": "2023-07-13T00:15:23.317", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/16c604aa7c253ce5cf075368a258c0b21386160d", + "source": "security@android.com" + }, + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/51051de4eb40bb502db448084a83fd6cbfb7d3cf", + "source": "security@android.com" + }, + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/8418e3a017428683d173c0c82b0eb02d5b923a4e", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20942.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20942.json new file mode 100644 index 00000000000..76324f34750 --- /dev/null +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20942.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-20942", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.363", + "lastModified": "2023-07-13T00:15:23.363", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/frameworks/av/+/770b45c3c1619cf4008b89e7a0f4392bf2224bbc", + "source": "security@android.com" + }, + { + "url": "https://android.googlesource.com/platform/frameworks/av/+/b072419650958c41c87d2baa572dc2fe6da9ea6b", + "source": "security@android.com" + }, + { + "url": "https://android.googlesource.com/platform/frameworks/av/+/bae3b00a5873d1562679a1289fd8490178cfe064", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21145.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21145.json new file mode 100644 index 00000000000..75ded9203ae --- /dev/null +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21145.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21145", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.413", + "lastModified": "2023-07-13T00:15:23.413", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/44aeef1b82ecf21187d4903c9e3666a118bdeaf3", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21238.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21238.json new file mode 100644 index 00000000000..14937e87e80 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21238.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21238", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.457", + "lastModified": "2023-07-13T00:15:23.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/91bfcbbd87886049778142618a655352b16cd911", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21239.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21239.json new file mode 100644 index 00000000000..4fc875c4d19 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21239.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21239", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.503", + "lastModified": "2023-07-13T00:15:23.503", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/c451aa5710e1da19139eb3716e39a5d6f04de5c2", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21240.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21240.json new file mode 100644 index 00000000000..3c5983f90a6 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21240.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21240", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.547", + "lastModified": "2023-07-13T00:15:23.547", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/69119d1d3102e27b6473c785125696881bce9563", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21241.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21241.json new file mode 100644 index 00000000000..66ee31111d0 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21241.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21241", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.590", + "lastModified": "2023-07-13T00:15:23.590", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/system/nfc/+/907d17eeefec6f672ea824e126406e6d8f6b56d8", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21243.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21243.json new file mode 100644 index 00000000000..d3687e6d06a --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21243.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21243", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.637", + "lastModified": "2023-07-13T00:15:23.637", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/5b49b8711efaadadf5052ba85288860c2d7ca7a6", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21245.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21245.json new file mode 100644 index 00000000000..90216f05cc9 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21245.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21245", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.683", + "lastModified": "2023-07-13T00:15:23.683", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/a33159e8cb297b9eee6fa5c63c0e343d05fad622", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21246.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21246.json new file mode 100644 index 00000000000..32d67d86e10 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21246.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21246", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.727", + "lastModified": "2023-07-13T00:15:23.727", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/fc1b9998ca8a9fceba47d67fd9ea9b45705b53e0", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21247.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21247.json new file mode 100644 index 00000000000..8c33b85be89 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21247.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21247", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.777", + "lastModified": "2023-07-13T00:15:23.777", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/edd4023805bc7fa54ae31de222cde02b9012bbc4", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21248.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21248.json new file mode 100644 index 00000000000..772a9ec9867 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21248.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21248", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.820", + "lastModified": "2023-07-13T00:15:23.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/edd4023805bc7fa54ae31de222cde02b9012bbc4", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21249.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21249.json new file mode 100644 index 00000000000..347b02ef3c5 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21249.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21249", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.867", + "lastModified": "2023-07-13T00:15:23.867", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/c00b7e7dbc1fa30339adef693d02a51254755d7f", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21250.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21250.json new file mode 100644 index 00000000000..08814f1cb75 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21250.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21250", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.917", + "lastModified": "2023-07-13T00:15:23.917", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ec573bc83f1ed6722f7cb29431dcb2db7f10bf28", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21251.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21251.json new file mode 100644 index 00000000000..f6436399462 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21251.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21251", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:23.963", + "lastModified": "2023-07-13T00:15:23.963", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/57946e2bb73850e817b3c01fa5350d705e178e39", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21254.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21254.json new file mode 100644 index 00000000000..863319160ec --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21254.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21254", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:24.007", + "lastModified": "2023-07-13T00:15:24.007", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/fa539c85503dc63bfb53c76b6f12b3549f14a709", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21255.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21255.json new file mode 100644 index 00000000000..c20e9489855 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21255.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21255", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:24.053", + "lastModified": "2023-07-13T00:15:24.053", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/kernel/common/+/1ca1130ec62d", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21256.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21256.json new file mode 100644 index 00000000000..e8df5d11464 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21256.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21256", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:24.097", + "lastModified": "2023-07-13T00:15:24.097", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/62fc1d269f5e754fc8f00b6167d79c3933b4c1f4", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21257.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21257.json new file mode 100644 index 00000000000..4b7a6c5f85f --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21257.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21257", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:24.143", + "lastModified": "2023-07-13T00:15:24.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/1aec7feaf07e6d4568ca75d18158445dbeac10f6", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21260.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21260.json new file mode 100644 index 00000000000..04bb009d047 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21260.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-21260", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T01:15:08.667", + "lastModified": "2023-07-13T01:15:08.667", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/aaos/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21261.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21261.json new file mode 100644 index 00000000000..e5858ccbbaf --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21261.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21261", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:24.203", + "lastModified": "2023-07-13T00:15:24.203", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In ft_open_face_internal of ftobjs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/external/freetype/+/d45f0e49ab54065eb72d92aa3cc5f2152b0910b7", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21262.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21262.json new file mode 100644 index 00000000000..79cfe4a27a9 --- /dev/null +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21262.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-21262", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:24.250", + "lastModified": "2023-07-13T00:15:24.250", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/platform/frameworks/av/+/2c8973c39478cd3c8cf11d9f27cc0556a106d006", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21399.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21399.json new file mode 100644 index 00000000000..6216000cfd4 --- /dev/null +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21399.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-21399", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:24.297", + "lastModified": "2023-07-13T00:15:24.297", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "there is a possible way to bypass cryptographic assurances due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21400.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21400.json new file mode 100644 index 00000000000..c7b128a0b00 --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21400.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-21400", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:24.340", + "lastModified": "2023-07-13T00:15:24.340", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-223xx/CVE-2023-22365.json b/CVE-2023/CVE-2023-223xx/CVE-2023-22365.json index 2ecf3913fdc..81dbf4a7738 100644 --- a/CVE-2023/CVE-2023-223xx/CVE-2023-22365.json +++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22365.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22365", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-07-06T15:15:10.973", - "lastModified": "2023-07-06T15:16:38.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T01:37:25.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -46,10 +66,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "CF5F2502-0C97-4AC3-BD0A-45065C64F99B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*", + "matchCriteriaId": "224B5936-7A7A-48E7-B0F3-754B74E4BF2D" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1711", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23547.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23547.json index 3cc71052569..c6c5f6c3d5c 100644 --- a/CVE-2023/CVE-2023-235xx/CVE-2023-23547.json +++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23547.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23547", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-07-06T15:15:11.427", - "lastModified": "2023-07-06T15:16:32.190", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T01:49:25.823", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "talos-cna@cisco.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,55 @@ "value": "CWE-22" } ] + }, + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "CF5F2502-0C97-4AC3-BD0A-45065C64F99B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*", + "matchCriteriaId": "224B5936-7A7A-48E7-B0F3-754B74E4BF2D" + } + ] + } + ] } ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1695", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23787.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23787.json index 0b38c927fb0..cedb5e08943 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23787.json +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23787.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23787", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-10T16:15:49.390", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-12T23:55:45.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:premmerce:redirect_manager:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.9", + "matchCriteriaId": "CAC50249-E7C1-46AA-8C0B-5D8A4807844F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/premmerce-redirect-manager/wordpress-premmerce-redirect-manager-plugin-1-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23804.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23804.json index 4870e967703..3bf978ff911 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23804.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23804.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23804", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-10T16:15:49.470", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-12T23:55:54.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,43 @@ "value": "CWE-352" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hasthemes:ht_feed:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.8", + "matchCriteriaId": "343D1847-87E2-427E-9190-AB6CE99F33CC" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ht-instagram/wordpress-ht-feed-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23869.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23869.json index 11013ba927d..5ef08ce8348 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23869.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23869.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23869", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-10T16:15:49.547", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T00:08:41.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:digitalinspiration:google_xml_sitemap_for_mobile:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.1", + "matchCriteriaId": "12FBF3D8-B210-4459-9983-0740D9D19AD1" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/google-mobile-sitemap/wordpress-google-xml-sitemap-for-mobile-plugin-1-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23897.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23897.json index e34d7c2caa5..32f392e9f69 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23897.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23897.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23897", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-10T16:15:49.610", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T00:08:48.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ozette:simple_mobile_url_redirect:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.7.2", + "matchCriteriaId": "C074856A-F6C1-462C-8D93-962B1DD60F1B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/simple-mobile-url-redirect/wordpress-simple-mobile-url-redirect-plugin-1-7-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23993.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23993.json index a535b11977d..8201850fa3f 100644 --- a/CVE-2023/CVE-2023-239xx/CVE-2023-23993.json +++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23993.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23993", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-10T16:15:49.677", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T00:08:54.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lionscripts:ip_blocker_lite:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "11.1.1", + "matchCriteriaId": "6EEC953C-3725-4477-95D0-5DAA0048EC72" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ip-address-blocker/wordpress-lionscripts-ip-blocker-lite-plugin-11-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24395.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24395.json index 3fbb43f18d1..c20b2b493af 100644 --- a/CVE-2023/CVE-2023-243xx/CVE-2023-24395.json +++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24395.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24395", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-10T16:15:49.743", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T00:09:02.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpplugin:contact_form_7_redirect_\\&_thank_you_page:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.4", + "matchCriteriaId": "D7018DCE-65E7-43AB-BC60-6CDA3CD92324" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/cf7-redirect-thank-you-page/wordpress-contact-form-7-redirect-thank-you-page-plugin-1-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24405.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24405.json index 37aa5a3c2b2..0259e5f5a8e 100644 --- a/CVE-2023/CVE-2023-244xx/CVE-2023-24405.json +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24405.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24405", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-10T16:15:49.813", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T00:20:19.390", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpplugin:paypal_\\&_stripe_add-on:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.9.4", + "matchCriteriaId": "CAF6BFA9-7867-42FB-A699-B461154521DC" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/contact-form-7-paypal-add-on/wordpress-contact-form-7-paypal-stripe-add-on-plugin-1-9-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24496.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24496.json index f06d11d87e1..7225baeb08a 100644 --- a/CVE-2023/CVE-2023-244xx/CVE-2023-24496.json +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24496.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24496", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-07-06T15:15:11.953", - "lastModified": "2023-07-06T15:16:32.190", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T01:54:21.520", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.7 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:milesight:milesightvpn:2.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "4943376D-ADEB-4BC5-BAF4-81C14233E3C0" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24497.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24497.json index 6cd94ef0e02..d1d0aea71ef 100644 --- a/CVE-2023/CVE-2023-244xx/CVE-2023-24497.json +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24497.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24497", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-07-06T15:15:12.037", - "lastModified": "2023-07-06T15:16:32.190", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T01:55:26.930", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.7 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:o:milesight:milesightvpn:2.0.2:*:*:*:*:*:*", + "matchCriteriaId": "D8575C81-3250-4983-9AA6-B4DBFFBA3689" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25478.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25478.json index da03e61a560..2b83dc2c26e 100644 --- a/CVE-2023/CVE-2023-254xx/CVE-2023-25478.json +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25478.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25478", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-10T16:15:49.877", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T00:20:25.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weather_station_project:weather_station:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.8.12", + "matchCriteriaId": "0059C764-CEBF-4D97-8CAE-DD4CF23AC363" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/live-weather-station/wordpress-weather-station-plugin-3-8-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30675.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30675.json index bfa1477b401..ef21e478433 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30675.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30675.json @@ -2,16 +2,40 @@ "id": "CVE-2023-30675", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-07-06T03:15:12.160", - "lastModified": "2023-07-06T11:55:38.310", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T01:11:18.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed." + }, + { + "lang": "es", + "value": "La autenticaci\u00f3n incorrecta en Samsung Pass antes de la versi\u00f3n 4.2.03.1 permite a un atacante local acceder a la informaci\u00f3n de la cuenta almacenada cuando Samsung Wallet no est\u00e1 instalado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "mobile.security@samsung.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "mobile.security@samsung.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samsung:pass:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.2.03.1", + "matchCriteriaId": "D2F5FB7F-E952-4E01-B25C-9125EC60A729" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=07", - "source": "mobile.security@samsung.com" + "source": "mobile.security@samsung.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30676.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30676.json index 57e3f5e45e4..ca6dca0d166 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30676.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30676.json @@ -2,16 +2,40 @@ "id": "CVE-2023-30676", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-07-06T03:15:12.240", - "lastModified": "2023-07-06T11:55:38.310", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T01:13:38.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de control de acceso inadecuado en Samsung Pass anterior a la versi\u00f3n 4.2.03.1 permite a los atacantes f\u00edsicamente acceder a los datos de Samsung Pass." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + }, { "source": "mobile.security@samsung.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "mobile.security@samsung.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samsung:pass:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.2.03.1", + "matchCriteriaId": "D2F5FB7F-E952-4E01-B25C-9125EC60A729" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=07", - "source": "mobile.security@samsung.com" + "source": "mobile.security@samsung.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30677.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30677.json index d8ab06db42e..b91d666936f 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30677.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30677.json @@ -2,16 +2,40 @@ "id": "CVE-2023-30677", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-07-06T03:15:12.317", - "lastModified": "2023-07-06T11:55:38.310", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T01:17:19.173", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de control de acceso inadecuado en Samsung Pass anterior a la versi\u00f3n 4.2.03.1 permite a los atacantes f\u00edsicamente acceder a los datos de Samsung Pass en un determinado estado de un dispositivo desbloqueado. " } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + }, { "source": "mobile.security@samsung.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "mobile.security@samsung.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samsung:pass:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.2.03.1", + "matchCriteriaId": "D2F5FB7F-E952-4E01-B25C-9125EC60A729" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=07", - "source": "mobile.security@samsung.com" + "source": "mobile.security@samsung.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30678.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30678.json index deaa1cbedf4..fc9c85be440 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30678.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30678.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30678", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-07-06T03:15:12.397", - "lastModified": "2023-07-06T11:55:38.310", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-13T01:09:28.843", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "mobile.security@samsung.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "mobile.security@samsung.com", "type": "Secondary", @@ -46,10 +76,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samsung:calendar:*:*:*:*:*:*:*:*", + "versionEndExcluding": "12.4.07.15", + "matchCriteriaId": "41A0BB00-A4AD-4107-A9C1-729FACD5A6D5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=07", - "source": "mobile.security@samsung.com" + "source": "mobile.security@samsung.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34123.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34123.json new file mode 100644 index 00000000000..e3eb0f61d74 --- /dev/null +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34123.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-34123", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2023-07-13T00:15:24.387", + "lastModified": "2023-07-13T00:15:24.387", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-321" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010", + "source": "PSIRT@sonicwall.com" + }, + { + "url": "https://www.sonicwall.com/support/notices/230710150218060", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34124.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34124.json new file mode 100644 index 00000000000..536e9394c96 --- /dev/null +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34124.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-34124", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2023-07-13T01:15:08.723", + "lastModified": "2023-07-13T01:15:08.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-305" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010", + "source": "PSIRT@sonicwall.com" + }, + { + "url": "https://www.sonicwall.com/support/notices/230710150218060", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34125.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34125.json new file mode 100644 index 00000000000..c6419020703 --- /dev/null +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34125.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-34125", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2023-07-13T01:15:08.783", + "lastModified": "2023-07-13T01:15:08.783", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-27" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010", + "source": "PSIRT@sonicwall.com" + }, + { + "url": "https://www.sonicwall.com/support/notices/230710150218060", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34126.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34126.json new file mode 100644 index 00000000000..279717eb462 --- /dev/null +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34126.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-34126", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2023-07-13T01:15:08.837", + "lastModified": "2023-07-13T01:15:08.837", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010", + "source": "PSIRT@sonicwall.com" + }, + { + "url": "https://www.sonicwall.com/support/notices/230710150218060", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34127.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34127.json new file mode 100644 index 00000000000..6ac154b6b21 --- /dev/null +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34127.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-34127", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2023-07-13T01:15:08.893", + "lastModified": "2023-07-13T01:15:08.893", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010", + "source": "PSIRT@sonicwall.com" + }, + { + "url": "https://www.sonicwall.com/support/notices/230710150218060", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34128.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34128.json new file mode 100644 index 00000000000..f5d99be7497 --- /dev/null +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34128.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-34128", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2023-07-13T01:15:08.950", + "lastModified": "2023-07-13T01:15:08.950", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-260" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010", + "source": "PSIRT@sonicwall.com" + }, + { + "url": "https://www.sonicwall.com/support/notices/230710150218060", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35691.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35691.json new file mode 100644 index 00000000000..0832790163b --- /dev/null +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35691.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-35691", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:24.457", + "lastModified": "2023-07-13T00:15:24.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35693.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35693.json new file mode 100644 index 00000000000..1ac96db5783 --- /dev/null +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35693.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-35693", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:24.503", + "lastModified": "2023-07-13T00:15:24.503", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://android.googlesource.com/kernel/common/+/8ff940b3513cb", + "source": "security@android.com" + }, + { + "url": "https://source.android.com/security/bulletin/pixel/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35694.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35694.json new file mode 100644 index 00000000000..f74992bf36d --- /dev/null +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35694.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-35694", + "sourceIdentifier": "security@android.com", + "published": "2023-07-13T00:15:24.550", + "lastModified": "2023-07-13T00:15:24.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 0ce347f4d46..2c5145c2794 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-12T23:55:31.179878+00:00 +2023-07-13T02:00:50.875669+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-12T23:33:53.107000+00:00 +2023-07-13T01:55:26.930000+00:00 ``` ### Last Data Feed Release @@ -23,46 +23,73 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-07-12T00:00:13.565727+00:00 +2023-07-13T00:00:13.560870+00:00 ``` ### Total Number of included CVEs ```plain -220141 +220175 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `34` +* [CVE-2023-21245](CVE-2023/CVE-2023-212xx/CVE-2023-21245.json) (`2023-07-13T00:15:23.683`) +* [CVE-2023-21246](CVE-2023/CVE-2023-212xx/CVE-2023-21246.json) (`2023-07-13T00:15:23.727`) +* [CVE-2023-21247](CVE-2023/CVE-2023-212xx/CVE-2023-21247.json) (`2023-07-13T00:15:23.777`) +* [CVE-2023-21248](CVE-2023/CVE-2023-212xx/CVE-2023-21248.json) (`2023-07-13T00:15:23.820`) +* [CVE-2023-21249](CVE-2023/CVE-2023-212xx/CVE-2023-21249.json) (`2023-07-13T00:15:23.867`) +* [CVE-2023-21250](CVE-2023/CVE-2023-212xx/CVE-2023-21250.json) (`2023-07-13T00:15:23.917`) +* [CVE-2023-21251](CVE-2023/CVE-2023-212xx/CVE-2023-21251.json) (`2023-07-13T00:15:23.963`) +* [CVE-2023-21254](CVE-2023/CVE-2023-212xx/CVE-2023-21254.json) (`2023-07-13T00:15:24.007`) +* [CVE-2023-21255](CVE-2023/CVE-2023-212xx/CVE-2023-21255.json) (`2023-07-13T00:15:24.053`) +* [CVE-2023-21256](CVE-2023/CVE-2023-212xx/CVE-2023-21256.json) (`2023-07-13T00:15:24.097`) +* [CVE-2023-21257](CVE-2023/CVE-2023-212xx/CVE-2023-21257.json) (`2023-07-13T00:15:24.143`) +* [CVE-2023-21261](CVE-2023/CVE-2023-212xx/CVE-2023-21261.json) (`2023-07-13T00:15:24.203`) +* [CVE-2023-21262](CVE-2023/CVE-2023-212xx/CVE-2023-21262.json) (`2023-07-13T00:15:24.250`) +* [CVE-2023-21399](CVE-2023/CVE-2023-213xx/CVE-2023-21399.json) (`2023-07-13T00:15:24.297`) +* [CVE-2023-21400](CVE-2023/CVE-2023-214xx/CVE-2023-21400.json) (`2023-07-13T00:15:24.340`) +* [CVE-2023-34123](CVE-2023/CVE-2023-341xx/CVE-2023-34123.json) (`2023-07-13T00:15:24.387`) +* [CVE-2023-35691](CVE-2023/CVE-2023-356xx/CVE-2023-35691.json) (`2023-07-13T00:15:24.457`) +* [CVE-2023-35693](CVE-2023/CVE-2023-356xx/CVE-2023-35693.json) (`2023-07-13T00:15:24.503`) +* [CVE-2023-35694](CVE-2023/CVE-2023-356xx/CVE-2023-35694.json) (`2023-07-13T00:15:24.550`) +* [CVE-2023-21260](CVE-2023/CVE-2023-212xx/CVE-2023-21260.json) (`2023-07-13T01:15:08.667`) +* [CVE-2023-34124](CVE-2023/CVE-2023-341xx/CVE-2023-34124.json) (`2023-07-13T01:15:08.723`) +* [CVE-2023-34125](CVE-2023/CVE-2023-341xx/CVE-2023-34125.json) (`2023-07-13T01:15:08.783`) +* [CVE-2023-34126](CVE-2023/CVE-2023-341xx/CVE-2023-34126.json) (`2023-07-13T01:15:08.837`) +* [CVE-2023-34127](CVE-2023/CVE-2023-341xx/CVE-2023-34127.json) (`2023-07-13T01:15:08.893`) +* [CVE-2023-34128](CVE-2023/CVE-2023-341xx/CVE-2023-34128.json) (`2023-07-13T01:15:08.950`) ### CVEs modified in the last Commit -Recently modified CVEs: `21` +Recently modified CVEs: `23` -* [CVE-2022-48516](CVE-2022/CVE-2022-485xx/CVE-2022-48516.json) (`2023-07-12T22:23:21.653`) -* [CVE-2022-48517](CVE-2022/CVE-2022-485xx/CVE-2022-48517.json) (`2023-07-12T22:35:11.063`) -* [CVE-2022-48518](CVE-2022/CVE-2022-485xx/CVE-2022-48518.json) (`2023-07-12T22:36:34.873`) -* [CVE-2022-48519](CVE-2022/CVE-2022-485xx/CVE-2022-48519.json) (`2023-07-12T22:39:57.940`) -* [CVE-2022-48520](CVE-2022/CVE-2022-485xx/CVE-2022-48520.json) (`2023-07-12T22:40:05.937`) -* [CVE-2023-27390](CVE-2023/CVE-2023-273xx/CVE-2023-27390.json) (`2023-07-12T22:11:30.093`) -* [CVE-2023-31194](CVE-2023/CVE-2023-311xx/CVE-2023-31194.json) (`2023-07-12T22:23:05.890`) -* [CVE-2023-1691](CVE-2023/CVE-2023-16xx/CVE-2023-1691.json) (`2023-07-12T22:42:44.353`) -* [CVE-2023-1695](CVE-2023/CVE-2023-16xx/CVE-2023-1695.json) (`2023-07-12T22:45:16.747`) -* [CVE-2023-34164](CVE-2023/CVE-2023-341xx/CVE-2023-34164.json) (`2023-07-12T22:46:55.213`) -* [CVE-2023-37238](CVE-2023/CVE-2023-372xx/CVE-2023-37238.json) (`2023-07-12T22:51:22.043`) -* [CVE-2023-29381](CVE-2023/CVE-2023-293xx/CVE-2023-29381.json) (`2023-07-12T22:58:46.303`) -* [CVE-2023-35948](CVE-2023/CVE-2023-359xx/CVE-2023-35948.json) (`2023-07-12T22:59:03.060`) -* [CVE-2023-29382](CVE-2023/CVE-2023-293xx/CVE-2023-29382.json) (`2023-07-12T23:00:33.740`) -* [CVE-2023-30319](CVE-2023/CVE-2023-303xx/CVE-2023-30319.json) (`2023-07-12T23:03:07.083`) -* [CVE-2023-30320](CVE-2023/CVE-2023-303xx/CVE-2023-30320.json) (`2023-07-12T23:03:16.713`) -* [CVE-2023-30321](CVE-2023/CVE-2023-303xx/CVE-2023-30321.json) (`2023-07-12T23:08:22.767`) -* [CVE-2023-34192](CVE-2023/CVE-2023-341xx/CVE-2023-34192.json) (`2023-07-12T23:08:32.340`) -* [CVE-2023-34193](CVE-2023/CVE-2023-341xx/CVE-2023-34193.json) (`2023-07-12T23:13:27.507`) -* [CVE-2023-22694](CVE-2023/CVE-2023-226xx/CVE-2023-22694.json) (`2023-07-12T23:28:28.043`) -* [CVE-2023-22695](CVE-2023/CVE-2023-226xx/CVE-2023-22695.json) (`2023-07-12T23:33:53.107`) +* [CVE-2022-48513](CVE-2022/CVE-2022-485xx/CVE-2022-48513.json) (`2023-07-13T00:58:46.147`) +* [CVE-2022-48514](CVE-2022/CVE-2022-485xx/CVE-2022-48514.json) (`2023-07-13T01:02:11.377`) +* [CVE-2022-48515](CVE-2022/CVE-2022-485xx/CVE-2022-48515.json) (`2023-07-13T01:05:49.397`) +* [CVE-2022-48512](CVE-2022/CVE-2022-485xx/CVE-2022-48512.json) (`2023-07-13T01:07:21.960`) +* [CVE-2022-48511](CVE-2022/CVE-2022-485xx/CVE-2022-48511.json) (`2023-07-13T01:26:08.630`) +* [CVE-2022-48510](CVE-2022/CVE-2022-485xx/CVE-2022-48510.json) (`2023-07-13T01:28:03.890`) +* [CVE-2023-23787](CVE-2023/CVE-2023-237xx/CVE-2023-23787.json) (`2023-07-12T23:55:45.907`) +* [CVE-2023-23804](CVE-2023/CVE-2023-238xx/CVE-2023-23804.json) (`2023-07-12T23:55:54.530`) +* [CVE-2023-23869](CVE-2023/CVE-2023-238xx/CVE-2023-23869.json) (`2023-07-13T00:08:41.700`) +* [CVE-2023-23897](CVE-2023/CVE-2023-238xx/CVE-2023-23897.json) (`2023-07-13T00:08:48.257`) +* [CVE-2023-23993](CVE-2023/CVE-2023-239xx/CVE-2023-23993.json) (`2023-07-13T00:08:54.487`) +* [CVE-2023-24395](CVE-2023/CVE-2023-243xx/CVE-2023-24395.json) (`2023-07-13T00:09:02.493`) +* [CVE-2023-20910](CVE-2023/CVE-2023-209xx/CVE-2023-20910.json) (`2023-07-13T00:15:23.223`) +* [CVE-2023-24405](CVE-2023/CVE-2023-244xx/CVE-2023-24405.json) (`2023-07-13T00:20:19.390`) +* [CVE-2023-25478](CVE-2023/CVE-2023-254xx/CVE-2023-25478.json) (`2023-07-13T00:20:25.517`) +* [CVE-2023-30678](CVE-2023/CVE-2023-306xx/CVE-2023-30678.json) (`2023-07-13T01:09:28.843`) +* [CVE-2023-30675](CVE-2023/CVE-2023-306xx/CVE-2023-30675.json) (`2023-07-13T01:11:18.983`) +* [CVE-2023-30676](CVE-2023/CVE-2023-306xx/CVE-2023-30676.json) (`2023-07-13T01:13:38.107`) +* [CVE-2023-30677](CVE-2023/CVE-2023-306xx/CVE-2023-30677.json) (`2023-07-13T01:17:19.173`) +* [CVE-2023-22365](CVE-2023/CVE-2023-223xx/CVE-2023-22365.json) (`2023-07-13T01:37:25.207`) +* [CVE-2023-23547](CVE-2023/CVE-2023-235xx/CVE-2023-23547.json) (`2023-07-13T01:49:25.823`) +* [CVE-2023-24496](CVE-2023/CVE-2023-244xx/CVE-2023-24496.json) (`2023-07-13T01:54:21.520`) +* [CVE-2023-24497](CVE-2023/CVE-2023-244xx/CVE-2023-24497.json) (`2023-07-13T01:55:26.930`) ## Download and Usage