Skip to content

Commit

Permalink
Auto-Update: 2024-12-03T17:01:01.472617+00:00
Browse files Browse the repository at this point in the history
  • Loading branch information
@cad-safe-bot
cad-safe-bot committed Dec 3, 2024
1 parent 60300ac commit 66b91c8
Show file tree
Hide file tree
Showing 87 changed files with 5,520 additions and 509 deletions.
43 changes: 41 additions & 2 deletions CVE-2018/CVE-2018-94xx/CVE-2018-9418.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,55 @@
"id": "CVE-2018-9418",
"sourceIdentifier": "[email protected]",
"published": "2024-12-02T22:15:08.727",
"lastModified": "2024-12-02T22:15:08.727",
"lastModified": "2024-12-03T16:15:18.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack\u00a0buffer overflow due to a missing bounds check. This could lead to remote\u00a0code execution with no additional execution privileges needed. User\u00a0interaction is not needed for exploitation."
},
{
"lang": "es",
"value": " En handle_app_cur_val_response de dtif_rc.cc, existe un posible desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria debido a la falta de una comprobaci\u00f3n de los l\u00edmites. Esto podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
Expand Down
43 changes: 41 additions & 2 deletions CVE-2018/CVE-2018-94xx/CVE-2018-9423.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,55 @@
"id": "CVE-2018-9423",
"sourceIdentifier": "[email protected]",
"published": "2024-12-02T22:15:08.827",
"lastModified": "2024-12-02T22:15:08.827",
"lastModified": "2024-12-03T15:15:05.530",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation."
},
{
"lang": "es",
"value": " En ihevcd_parse_slice_header de ihevcd_parse_slice_header.c existe una posible lectura fuera de los l\u00edmites debido a la falta de verificaci\u00f3n de los l\u00edmites. Esto podr\u00eda provocar una denegaci\u00f3n de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
Expand Down
43 changes: 41 additions & 2 deletions CVE-2018/CVE-2018-94xx/CVE-2018-9426.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,55 @@
"id": "CVE-2018-9426",
"sourceIdentifier": "[email protected]",
"published": "2024-12-02T22:15:08.917",
"lastModified": "2024-12-02T22:15:08.917",
"lastModified": "2024-12-03T15:15:05.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In \u00a0RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java,\u00a0an incorrect implementation could cause weak RSA key pairs being generated.\u00a0This could lead to crypto vulnerability with no additional execution\u00a0privileges needed. User interaction is not needed for exploitation.\u00a0Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard."
},
{
"lang": "es",
"value": "En RsaKeyPairGenerator::getNumberOfIterations de RSAKeyPairGenerator.java, una implementaci\u00f3n incorrecta podr\u00eda provocar la generaci\u00f3n de pares de claves RSA d\u00e9biles. Esto podr\u00eda provocar una vulnerabilidad de cifrado sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para su explotaci\u00f3n. Correcci\u00f3n del bolet\u00edn: la correcci\u00f3n est\u00e1 dise\u00f1ada para implementar correctamente la generaci\u00f3n de claves de acuerdo con el est\u00e1ndar FIPS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-331"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
Expand Down
43 changes: 41 additions & 2 deletions CVE-2018/CVE-2018-94xx/CVE-2018-9429.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,55 @@
"id": "CVE-2018-9429",
"sourceIdentifier": "[email protected]",
"published": "2024-12-02T22:15:09.013",
"lastModified": "2024-12-02T22:15:09.013",
"lastModified": "2024-12-03T15:15:05.927",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."
},
{
"lang": "es",
"value": " En buildImageItemsIfPossible de ItemTable.cpp existe una posible lectura fuera de los l\u00edmites debido a datos no inicializados. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para su explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
Expand Down
43 changes: 41 additions & 2 deletions CVE-2018/CVE-2018-94xx/CVE-2018-9430.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,55 @@
"id": "CVE-2018-9430",
"sourceIdentifier": "[email protected]",
"published": "2024-12-02T22:15:09.113",
"lastModified": "2024-12-02T22:15:09.113",
"lastModified": "2024-12-03T15:15:06.087",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In prop2cfg of btif_storage.cc, there is a possible out of bounds write due\u00a0to an incorrect bounds check. This could lead to remote code execution with\u00a0no additional execution privileges needed. User interaction is not needed\u00a0for exploitation."
},
{
"lang": "es",
"value": " En prop2cfg de btif_storage.cc, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
Expand Down
43 changes: 41 additions & 2 deletions CVE-2018/CVE-2018-94xx/CVE-2018-9431.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,55 @@
"id": "CVE-2018-9431",
"sourceIdentifier": "[email protected]",
"published": "2024-12-02T22:15:09.210",
"lastModified": "2024-12-02T22:15:09.210",
"lastModified": "2024-12-03T15:15:06.270",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due\u00a0to improper input validation. This could lead to local escalation of\u00a0privilege with no additional execution privileges needed. User interaction\u00a0is not needed for exploitation."
},
{
"lang": "es",
"value": "En OSUInfo de OSUInfo.java, existe una posible escalada de privilegios debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
Expand Down
Loading

0 comments on commit 66b91c8

Please sign in to comment.