From 3f0c1292aa3374aa96ef9e71798e723c743b137a Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 1 Jul 2024 10:06:27 +0000 Subject: [PATCH] Auto-Update: 2024-07-01T10:03:34.206717+00:00 --- CVE-2023/CVE-2023-424xx/CVE-2023-42464.json | 9 ++++- CVE-2024/CVE-2024-01xx/CVE-2024-0153.json | 33 ++++++++++++++++ CVE-2024/CVE-2024-394xx/CVE-2024-39427.json | 44 +++++++++++++++++++++ CVE-2024/CVE-2024-394xx/CVE-2024-39428.json | 44 +++++++++++++++++++++ CVE-2024/CVE-2024-394xx/CVE-2024-39429.json | 44 +++++++++++++++++++++ CVE-2024/CVE-2024-394xx/CVE-2024-39430.json | 44 +++++++++++++++++++++ README.md | 17 ++++---- _state.csv | 13 ++++-- 8 files changed, 235 insertions(+), 13 deletions(-) create mode 100644 CVE-2024/CVE-2024-01xx/CVE-2024-0153.json create mode 100644 CVE-2024/CVE-2024-394xx/CVE-2024-39427.json create mode 100644 CVE-2024/CVE-2024-394xx/CVE-2024-39428.json create mode 100644 CVE-2024/CVE-2024-394xx/CVE-2024-39429.json create mode 100644 CVE-2024/CVE-2024-394xx/CVE-2024-39430.json diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42464.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42464.json index 3c610d10baa..72cd7e1d6a8 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42464.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42464.json @@ -2,8 +2,9 @@ "id": "CVE-2023-42464", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T15:15:11.817", - "lastModified": "2024-01-12T22:18:33.463", - "vulnStatus": "Analyzed", + "lastModified": "2024-07-01T09:15:06.080", + "vulnStatus": "Modified", + "cveTags": [], "descriptions": [ { "lang": "en", @@ -107,6 +108,10 @@ "Third Party Advisory" ] }, + { + "url": "https://netatalk.io/security/CVE-2023-42464", + "source": "cve@mitre.org" + }, { "url": "https://netatalk.sourceforge.io/", "source": "cve@mitre.org", diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0153.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0153.json new file mode 100644 index 00000000000..c4df0a814f5 --- /dev/null +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0153.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-0153", + "sourceIdentifier": "arm-security@arm.com", + "published": "2024-07-01T09:15:06.343", + "lastModified": "2024-07-01T09:15:06.343", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If the operations are carefully prepared, then this in turn could give them access to all system memory. This issue affects Valhall GPU Firmware: from r29p0 through r46p0; Arm 5th Gen GPU Architecture Firmware: from r41p0 through r46p0." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "arm-security@arm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", + "source": "arm-security@arm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-394xx/CVE-2024-39427.json b/CVE-2024/CVE-2024-394xx/CVE-2024-39427.json new file mode 100644 index 00000000000..cb41be892f4 --- /dev/null +++ b/CVE-2024/CVE-2024-394xx/CVE-2024-39427.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-39427", + "sourceIdentifier": "security@unisoc.com", + "published": "2024-07-01T09:15:06.493", + "lastModified": "2024-07-01T09:15:06.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@unisoc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1807576926177525762", + "source": "security@unisoc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-394xx/CVE-2024-39428.json b/CVE-2024/CVE-2024-394xx/CVE-2024-39428.json new file mode 100644 index 00000000000..7f149c56c19 --- /dev/null +++ b/CVE-2024/CVE-2024-394xx/CVE-2024-39428.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-39428", + "sourceIdentifier": "security@unisoc.com", + "published": "2024-07-01T09:15:06.720", + "lastModified": "2024-07-01T09:15:06.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@unisoc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1807576926177525762", + "source": "security@unisoc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-394xx/CVE-2024-39429.json b/CVE-2024/CVE-2024-394xx/CVE-2024-39429.json new file mode 100644 index 00000000000..34e0de242e0 --- /dev/null +++ b/CVE-2024/CVE-2024-394xx/CVE-2024-39429.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-39429", + "sourceIdentifier": "security@unisoc.com", + "published": "2024-07-01T09:15:06.893", + "lastModified": "2024-07-01T09:15:06.893", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@unisoc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1807576926177525762", + "source": "security@unisoc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-394xx/CVE-2024-39430.json b/CVE-2024/CVE-2024-394xx/CVE-2024-39430.json new file mode 100644 index 00000000000..0ac5c677c71 --- /dev/null +++ b/CVE-2024/CVE-2024-394xx/CVE-2024-39430.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-39430", + "sourceIdentifier": "security@unisoc.com", + "published": "2024-07-01T09:15:07.070", + "lastModified": "2024-07-01T09:15:07.070", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@unisoc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1807576926177525762", + "source": "security@unisoc.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 009e7a05567..7b599f3452c 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-01T08:02:45.476976+00:00 +2024-07-01T10:03:34.206717+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-01T06:15:23.957000+00:00 +2024-07-01T09:15:07.070000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -255529 +255534 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `5` -- [CVE-2024-4934](CVE-2024/CVE-2024-49xx/CVE-2024-4934.json) (`2024-07-01T06:15:23.847`) -- [CVE-2024-6130](CVE-2024/CVE-2024-61xx/CVE-2024-6130.json) (`2024-07-01T06:15:23.957`) +- [CVE-2024-0153](CVE-2024/CVE-2024-01xx/CVE-2024-0153.json) (`2024-07-01T09:15:06.343`) +- [CVE-2024-39427](CVE-2024/CVE-2024-394xx/CVE-2024-39427.json) (`2024-07-01T09:15:06.493`) +- [CVE-2024-39428](CVE-2024/CVE-2024-394xx/CVE-2024-39428.json) (`2024-07-01T09:15:06.720`) +- [CVE-2024-39429](CVE-2024/CVE-2024-394xx/CVE-2024-39429.json) (`2024-07-01T09:15:06.893`) +- [CVE-2024-39430](CVE-2024/CVE-2024-394xx/CVE-2024-39430.json) (`2024-07-01T09:15:07.070`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -- [CVE-2023-4727](CVE-2023/CVE-2023-47xx/CVE-2023-4727.json) (`2024-07-01T06:15:23.500`) +- [CVE-2023-42464](CVE-2023/CVE-2023-424xx/CVE-2023-42464.json) (`2024-07-01T09:15:06.080`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 4934e52785b..5634a4e96ce 100644 --- a/_state.csv +++ b/_state.csv @@ -231601,7 +231601,7 @@ CVE-2023-42460,0,0,052d6f5ed4dfd0d77c77cf8b6a496729c523835ccab719772417f838b3517 CVE-2023-42461,0,0,3520c1f3ac39278a8d8c3d4dd1e3ecdd7c69a40b2c547ecadfb3e1ae439829be,2023-09-29T14:36:16.040000 CVE-2023-42462,0,0,f2697a59ddf6ecc472bd0e84d3d4f79b2073ed6cc999197233ea753565e130dd,2023-09-29T14:05:08.350000 CVE-2023-42463,0,0,9af5b8834648c08f228ce290cbc665ca2fdab30c63f40498be9c8026b678b831,2024-01-25T16:09:07.937000 -CVE-2023-42464,0,0,725cda30297af21b67bf03a514e07b4a39a1a9bbc088fed642b3ef76bc76b146,2024-01-12T22:18:33.463000 +CVE-2023-42464,0,1,95d22fca0fee18588cd128279b9016874e414c42245be69d4f4660a2b45c5094,2024-07-01T09:15:06.080000 CVE-2023-42465,0,0,d3edcdf066dde8588c1e0123d917f48474cfcb921f5df713321696b941d7a350,2024-02-18T03:15:07.767000 CVE-2023-42467,0,0,5caea4cff335f5cd1c49ec0fcf7e54ae0ee6358f319d3eb15814e6c5d8c0759c,2023-11-04T06:15:51.847000 CVE-2023-42468,0,0,a5562e6b54113da0b273b9e7a51395a771ce68334b1b78aae8b3997814316546,2023-09-18T18:36:35.480000 @@ -234914,7 +234914,7 @@ CVE-2023-47263,0,0,677ab9fce589c1d1a7e84495fba44efba88975d28c1c0b358eaa4e3b2e310 CVE-2023-47264,0,0,9faf020667cc25f07dfb8382df553caabe75eac9b1668d9c999deccefa85a8b6,2023-12-01T18:32:28.423000 CVE-2023-47265,0,0,e5dd3e8f07e2cde29a7b164b7d2f2d8fb5d2648b52cb927855305ced52fdae4d,2023-12-28T14:00:15.887000 CVE-2023-47267,0,0,7af787055fd484ddb13b770f63a574a7140e8e765ce3a9c07340594a128f888a,2023-12-29T03:11:24.070000 -CVE-2023-4727,0,1,8e732098410b5a5359141885e0195cfe5555582d292a0bea826d6d65d9419217,2024-07-01T06:15:23.500000 +CVE-2023-4727,0,0,8e732098410b5a5359141885e0195cfe5555582d292a0bea826d6d65d9419217,2024-07-01T06:15:23.500000 CVE-2023-47271,0,0,9cc05b4e0b65c52657ed8cdc25e16f6a7fc3036ff1196f68571bcac4e63323c6,2023-12-20T01:15:07.297000 CVE-2023-47272,0,0,6e28ab19abbf3b1b70b10399ba447a3637cdf3f4443fc6db792243e0885fe9db,2023-12-28T17:24:36.373000 CVE-2023-47279,0,0,77443ef453c9d718722250faa2452d8d4368ad781c70a56bce601eb3ebab7163,2023-12-06T18:38:55.820000 @@ -240680,6 +240680,7 @@ CVE-2024-0099,0,0,922026d11edb09689a5419f4b6981b91f643282898008757d63b84ab582e71 CVE-2024-0100,0,0,bbf51d2ce3c3a951e3f6f4fb5d57dd8d1c73fdd75ab0ade8734c57fcf29d357b,2024-05-14T16:13:02.773000 CVE-2024-0103,0,0,c0f8f807fdf8426bc2106e7af79b6cd7b7308e8ea4f1780be6db3fdc6d1d8cf2,2024-06-17T12:43:31.090000 CVE-2024-0151,0,0,aafc841cfb528b9ef4d150e11c8565679b9331c9ad5bf3569e38f74d72962c86,2024-04-25T08:15:07.420000 +CVE-2024-0153,1,1,db5fbf5069a0373aa6dd151d1dc24f802b05515be80a72e6da9193fc3259f404,2024-07-01T09:15:06.343000 CVE-2024-0154,0,0,fee6d0edd38400fe9a2f331d67a355be9bc81701717352554939ef10dafbbf73,2024-03-13T18:15:58.530000 CVE-2024-0155,0,0,56d3003aea28bbff1e776f33de697fc847d720d7a8270931f6c22f264f5611eb,2024-03-04T13:58:23.447000 CVE-2024-0156,0,0,47a5ee4f12284e0f109441891942aa0eb589b2387e172b6366b6741bcabc51b4,2024-03-04T13:58:23.447000 @@ -253846,7 +253847,11 @@ CVE-2024-3939,0,0,8db4cbfcc78e197894431199cdad6af4ac1ac13ee2f1028e231ba1f9079317 CVE-2024-3940,0,0,52f7bf6d70193ddf6b45db8d32585f84af1f44b7487d20897766e34b437b8581,2024-05-14T16:11:39.510000 CVE-2024-3941,0,0,3315566f834adaa65bc779c72609390662785ebcc4aac50a6cb30731cb96d90c,2024-05-14T16:11:39.510000 CVE-2024-3942,0,0,e822d69f7c80cdc7914f6c6d228f749a2878411b19bb34f624a4ef0b72687edf,2024-05-02T18:00:37.360000 +CVE-2024-39427,1,1,97ebd32b94b990e6a96aade54601ab1fede76695773d47c643ab956eb9e6420b,2024-07-01T09:15:06.493000 +CVE-2024-39428,1,1,fdca9ac58fdcb5c4a018626e1f08f6383edc562d9c099912b8be86e42a849c58,2024-07-01T09:15:06.720000 +CVE-2024-39429,1,1,19c7465af4b4d1acbd63407a3f742cf0809d20c02be61deb95b849cbb7c38fd2,2024-07-01T09:15:06.893000 CVE-2024-3943,0,0,e07ef944084da93a178b1d893c19c63f640132688c11e19da99f30e04e5e47e2,2024-05-30T13:15:41.297000 +CVE-2024-39430,1,1,284310b6f1d6a2b38d75f5dde401069ef17e08698c98ddf6f5ba6c3cab3d25a0,2024-07-01T09:15:07.070000 CVE-2024-3945,0,0,87d1ab8fe16ba408f307c5379ed22b3c751c5d4b07b1a3f5bec08826673ff46f,2024-05-30T13:15:41.297000 CVE-2024-39458,0,0,fddd464380a09267e09b57b66272561b89c59455a10d641fa61f771d4f530d41,2024-06-27T12:47:19.847000 CVE-2024-39459,0,0,d1d8498393c450e178fa7bc147e75f870b75d424b183c32cba625d84c2757e63,2024-06-27T12:47:19.847000 @@ -254671,7 +254676,7 @@ CVE-2024-4930,0,0,6ff76d7aaffb879ad1ba04c82aee4d6862810bf82c41e96981364c74ee8131 CVE-2024-4931,0,0,83efd803f055d34e0373b998807732a66d1be28ff93405fe1ae45ba9ee6af2a3,2024-06-04T19:20:54.543000 CVE-2024-4932,0,0,2da4bffdf4d6e38ae009aae9065c7b2f8049c53fc8beaf73dfbb4354175c5b68,2024-05-17T02:40:43.357000 CVE-2024-4933,0,0,9fe90c4f8856bf6bdad48e78d639ea10366bef215c1d0d507cc52649860ab1b1,2024-06-04T19:20:54.643000 -CVE-2024-4934,1,1,6199c6082df89b8cd0bd1353d23a00d0f49be5cb7c793c5bf2645e1b9c18a302,2024-07-01T06:15:23.847000 +CVE-2024-4934,0,0,6199c6082df89b8cd0bd1353d23a00d0f49be5cb7c793c5bf2645e1b9c18a302,2024-07-01T06:15:23.847000 CVE-2024-4936,0,0,a731ea39a2abdd8ed5ffb7274944b4c3b5578233bd6509536eab3c4454adaafe,2024-06-17T12:42:04.623000 CVE-2024-4939,0,0,6859feec38f69c636602db339fa7ab03b302bd67a24dc957bb8f045d97aede0c,2024-06-11T17:08:33.350000 CVE-2024-4940,0,0,cb78cb49a43bd348a99dcd2f7e1d39ee831dc08e65c1988e89651f8662313063,2024-06-24T12:57:36.513000 @@ -255418,7 +255423,7 @@ CVE-2024-6125,0,0,85b92914638eb24a081146fd823c584c2333b183768ef26d618955e8364631 CVE-2024-6127,0,0,8f3f3591469382ebb006087ec5b5be799ca274948ebd71b090f997c1ae2c89a9,2024-06-28T10:27:00.920000 CVE-2024-6128,0,0,cd2531d89b3a76f4be34b5ead44f5b65458326ae9dfb5c97dcd0243e237eb5b3,2024-06-21T16:15:12.570000 CVE-2024-6129,0,0,dfa20fd20a0a3099fcdc2f66c56de27040819ee45bd7efe66cb95f894b77d645,2024-06-20T12:44:01.637000 -CVE-2024-6130,1,1,4dec67f3f43a5f70bce86d325489d8791714dd8bdb534ec2e2d88fdd2f96eaf4,2024-07-01T06:15:23.957000 +CVE-2024-6130,0,0,4dec67f3f43a5f70bce86d325489d8791714dd8bdb534ec2e2d88fdd2f96eaf4,2024-07-01T06:15:23.957000 CVE-2024-6132,0,0,c816ab5ddbf096dbfac6131f33b5d3d3e264dd5fbb695e6c347719e5920b43ca,2024-06-20T12:44:01.637000 CVE-2024-6139,0,0,5267393f199f3e6d04675c179e30c182dfe9af96089cf21d4ca0eef7a0895473,2024-06-27T19:25:12.067000 CVE-2024-6142,0,0,23f480e47c156f1dad9ad13e0d7590969d38d5491fbe00b3021017412ace7767,2024-06-20T12:44:01.637000