Auto-Update: 2024-07-01T06:04:11.841010+00:00

2025-05-08 19:47:09 +00:00 · 2024-07-01 06:07:03 +00:00 · 2024-07-01 06:07:03 +00:00 · 39abec216f
commit 39abec216f
parent 0a9d0af380
11 changed files with 370 additions and 6 deletions
--- a/CVE-2024/CVE-2024-200xx/CVE-2024-20076.json
+++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20076.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2024-20076",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2024-07-01T05:15:03.957",
+  "lastModified": "2024-07-01T05:15:03.957",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297806; Issue ID: MSV-1481."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-119"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/July-2024",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-200xx/CVE-2024-20077.json
+++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20077.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2024-20077",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2024-07-01T05:15:04.133",
+  "lastModified": "2024-07-01T05:15:04.133",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID: MSV-1482."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-119"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/July-2024",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-200xx/CVE-2024-20078.json
+++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20078.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2024-20078",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2024-07-01T05:15:04.227",
+  "lastModified": "2024-07-01T05:15:04.227",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-843"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/July-2024",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-200xx/CVE-2024-20079.json
+++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20079.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2024-20079",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2024-07-01T05:15:04.333",
+  "lastModified": "2024-07-01T05:15:04.333",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: MSV-1491."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/July-2024",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-200xx/CVE-2024-20080.json
+++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20080.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2024-20080",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2024-07-01T05:15:04.430",
+  "lastModified": "2024-07-01T05:15:04.430",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-295"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/July-2024",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-200xx/CVE-2024-20081.json
+++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20081.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2024-20081",
+  "sourceIdentifier": "security@mediatek.com",
+  "published": "2024-07-01T05:15:04.520",
+  "lastModified": "2024-07-01T05:15:04.520",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@mediatek.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corp.mediatek.com/product-security-bulletin/July-2024",
+      "source": "security@mediatek.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-31xx/CVE-2024-3122.json
+++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3122.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-3122",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-07-01T05:15:04.693",
+  "lastModified": "2024-07-01T05:15:04.693",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-23"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-7912-4c800-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7911-0962e-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-31xx/CVE-2024-3123.json
+++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3123.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-3123",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-07-01T05:15:04.973",
+  "lastModified": "2024-07-01T05:15:04.973",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with  administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-384xx/CVE-2024-38480.json
+++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38480.json
@ -0,0 +1,29 @@
+{
+  "id": "CVE-2024-38480",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-07-01T05:15:04.613",
+  "lastModified": "2024-07-01T05:15:04.613",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\"Piccoma\" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://jvn.jp/en/jp/JVN01073312/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://play.google.com/store/apps/details?id=jp.kakao.piccoma",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-01T02:00:53.948786+00:00
+2024-07-01T06:04:11.841010+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-01T00:15:01.950000+00:00
+2024-07-01T05:15:04.973000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-255518
+255527
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `9`

- [CVE-2024-6419](CVE-2024/CVE-2024-64xx/CVE-2024-6419.json) (`2024-07-01T00:15:01.950`)
+- [CVE-2024-20076](CVE-2024/CVE-2024-200xx/CVE-2024-20076.json) (`2024-07-01T05:15:03.957`)
+- [CVE-2024-20077](CVE-2024/CVE-2024-200xx/CVE-2024-20077.json) (`2024-07-01T05:15:04.133`)
+- [CVE-2024-20078](CVE-2024/CVE-2024-200xx/CVE-2024-20078.json) (`2024-07-01T05:15:04.227`)
+- [CVE-2024-20079](CVE-2024/CVE-2024-200xx/CVE-2024-20079.json) (`2024-07-01T05:15:04.333`)
+- [CVE-2024-20080](CVE-2024/CVE-2024-200xx/CVE-2024-20080.json) (`2024-07-01T05:15:04.430`)
+- [CVE-2024-20081](CVE-2024/CVE-2024-200xx/CVE-2024-20081.json) (`2024-07-01T05:15:04.520`)
+- [CVE-2024-3122](CVE-2024/CVE-2024-31xx/CVE-2024-3122.json) (`2024-07-01T05:15:04.693`)
+- [CVE-2024-3123](CVE-2024/CVE-2024-31xx/CVE-2024-3123.json) (`2024-07-01T05:15:04.973`)
+- [CVE-2024-38480](CVE-2024/CVE-2024-384xx/CVE-2024-38480.json) (`2024-07-01T05:15:04.613`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -242444,7 +242444,13 @@ CVE-2024-20072,0,0,c200ff4baf6255d64deb0271583c6f0f747c9ccdf27a663d7a798dfcb83f3
 CVE-2024-20073,0,0,a0b25eb428467d36e6c8d6b6d33dfc4191a095e61c25b5d42e8224294b10245c,2024-06-03T14:46:24.250000
 CVE-2024-20074,0,0,ae8ea4f1aeb95c2db6d96bbffc4725f4aeeca344255405cba91589fc79862e12,2024-06-03T14:46:24.250000
 CVE-2024-20075,0,0,c25b515a91dbc89ebe595fac548aad128c5354b0efe2add6f43a7dd87e7c74de,2024-06-03T14:46:24.250000
+CVE-2024-20076,1,1,5b8e128bd64dffe75210d9a0b1bc6cdbc08ff0769e5c234fe829408adddec05e,2024-07-01T05:15:03.957000
+CVE-2024-20077,1,1,66a7c2729e76a45ec5e0f137aaede7f64c1ece3055e82f3815294e1c922f8222,2024-07-01T05:15:04.133000
+CVE-2024-20078,1,1,615d8853961ee7e2655c265f9bad9728786d5b6e686e7be58f6c7132bfd7d7e0,2024-07-01T05:15:04.227000
+CVE-2024-20079,1,1,342b9b2a5d769ac895bbd0f3a2b5892e188f70cf0959891c16c1d39545d2a2ca,2024-07-01T05:15:04.333000
 CVE-2024-2008,0,0,89351e3b3909d90b71f2b464baa5c1531110f0fc183853e9b068b202a6597011,2024-04-04T12:48:41.700000
+CVE-2024-20080,1,1,9c982d25c24ac58d824e3c49f320d7b0009896b9ce3a6416a68ab1ed4e8a6645,2024-07-01T05:15:04.430000
+CVE-2024-20081,1,1,cc6a1119d36737ed31cf2c18c5e1c454229879a5d20f8de1b66d494e5f3d69f5,2024-07-01T05:15:04.520000
 CVE-2024-2009,0,0,71459ca320e3ba6a6c331932225f22d43a50dc1f7bd5a77e40fa738dd949aeca,2024-05-17T02:37:59.337000
 CVE-2024-2011,0,0,845fb303b632df2a82ac2c4f8385a50b893aa8c309406d3fe328481c0cd09158,2024-06-13T18:36:45.417000
 CVE-2024-2012,0,0,878efb3776c708b50cfb853377bc9e21e4d99f3747b5a678478141addae0900a,2024-06-13T18:36:45.417000
@ -249605,12 +249611,14 @@ CVE-2024-31216,0,0,d81eedaba41c66ff5403344865ad7320029e4218bc907b5fcd390407a8729
 CVE-2024-31217,0,0,5f9cfb0e61249f70dadebe14e4e4386911d46ac33fe3ecd5dce212e07cce5f8c,2024-06-13T18:36:09.010000
 CVE-2024-31218,0,0,7bde3095db5888b85ce9669e8bb2502e2c0767a6efc1fdc83c6973eaeb264970,2024-04-08T18:49:25.863000
 CVE-2024-31219,0,0,d2d2811e70f71b6e8f1f63a3f7bda6856d7eb5bcd23ce2727f866e79d3b49966,2024-04-15T19:12:25.887000
+CVE-2024-3122,1,1,d4ac9312457aedc27f8f39526636e907b8d8d84cee5307c39123bdeeae38adf1,2024-07-01T05:15:04.693000
 CVE-2024-31220,0,0,5364fec01a2c522837b9bb1f12dd2e109f09573a57ee59445d858fa07dd681f7,2024-04-08T18:49:25.863000
 CVE-2024-31221,0,0,093d7a2a638171e5d3f8cc3b06e5a6b3ca8a7674a42c7ed40ef62927f76d1926,2024-04-08T18:48:40.217000
 CVE-2024-31224,0,0,2f84ceb3d774709c2492171042eddaeb6b6b98a31b06a1f67434414d962c7206,2024-04-08T18:48:40.217000
 CVE-2024-31225,0,0,775bf5be18a8afccd8a3d22e12b068c166a2b602aedd7e1dec0c49e92715b97b,2024-06-10T18:15:31.123000
 CVE-2024-31226,0,0,c551125ecb7e722e7d385d0ba4ae8e898eaf339efee9a69cd1ef9cc05b64e374,2024-05-17T18:36:31.297000
 CVE-2024-31229,0,0,7de33a876b6efca66be6426e83eb27e50104659e2ffe406707b9d46bf22d8ac4,2024-04-18T13:04:28.900000
+CVE-2024-3123,1,1,077664528b24c8d413960b71aeca517636d59c90ab460b8f7fc14f3af3fbf5c4,2024-07-01T05:15:04.973000
 CVE-2024-31230,0,0,52cfa4cc0c105e0f4a014468a390d1fae46fb176c8f9a3fd8a419c5888fe92a6,2024-04-10T19:49:51.183000
 CVE-2024-31231,0,0,7a90a67619902f8027cbac8e85a666345818bb13d73948331e7d74a3cfb3017b,2024-05-17T18:36:05.263000
 CVE-2024-31232,0,0,cad67a9aeb5c3124c1be880038f56dec45c67ef781e0ef4774805dcd0727d613,2024-05-17T18:36:05.263000
@ -253577,6 +253585,7 @@ CVE-2024-38469,0,0,61f8d4e00b8eb0d7cc440bb61aa54e448e7d0cf937bc39055bad05a42163d
 CVE-2024-3847,0,0,a2146e655749d60cf9631f855db42a3d44cf07cd9a542fd1035e46bb9a6304c5,2024-05-03T03:16:29.293000
 CVE-2024-38470,0,0,4c268a4f5b43704204ee0794f0d14b8ed1a9214a7b71a5011526bcfa496d0f17,2024-06-20T12:44:22.977000
 CVE-2024-3848,0,0,cff2d1cd97f0b1f2183f9bb4edcf4fc45d9e2b8ab251b9953f6af6105249c0ec,2024-05-16T13:03:05.353000
+CVE-2024-38480,1,1,55fcc25081b437280f5b2899ccd6e294eb175aab5d45713b9d34b1ebb9fe75bb,2024-07-01T05:15:04.613000
 CVE-2024-3849,0,0,d4181d6192aab2f4a2b324451fbda7660fbd9621eb95f5f54a642a6a3d1e7d46,2024-05-02T18:00:37.360000
 CVE-2024-3850,0,0,bbe49076d39470df53cdf5186eea91a2b4a40256492f588a1ab86bd1ba5244b0,2024-06-12T18:12:56.413000
 CVE-2024-38504,0,0,1e5426a2fc921f282b30067463f89deeb7f3dcc78ec818fa823270612233ac4d,2024-06-20T12:44:01.637000
@ -255516,4 +255525,4 @@ CVE-2024-6415,0,0,62e9973ee32aafad192ff857247035567ab1ac1ef13febe846fa28737426c3
 CVE-2024-6416,0,0,42460422645508deba815384c205b5e704c0f5f916fb0a7b2efed93e1162e2e4,2024-06-30T22:15:02.113000
 CVE-2024-6417,0,0,32851c719cd1c65444d9f0687cd37e02fd9715c54484a0e16c9a397be6861748,2024-06-30T23:15:02.680000
 CVE-2024-6418,0,0,e6fe9ac34c4b22aecb612ef18a1b6ee75745c96c699586b14f82bdf1bd364999,2024-06-30T23:15:02.953000
-CVE-2024-6419,1,1,92807316841d932714223cfcd15bad518a4419bb5a5d3d4cee6d072592967cd4,2024-07-01T00:15:01.950000
+CVE-2024-6419,0,0,92807316841d932714223cfcd15bad518a4419bb5a5d3d4cee6d072592967cd4,2024-07-01T00:15:01.950000