Auto-Update: 2024-01-11T00:55:25.309742+00:00

CVE-2022/CVE-2022-457xx/CVE-2022-45794.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2022-45794",
+  "sourceIdentifier": "ot-cert@dragos.com",
+  "published": "2024-01-10T23:15:08.397",
+  "lastModified": "2024-01-10T23:15:08.397",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files form the PLC internal memory and memory card.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "ot-cert@dragos.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.6,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "ot-cert@dragos.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-306"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/",
+      "source": "ot-cert@dragos.com"
+    },
+    {
+      "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-002_en.pdf",
+      "source": "ot-cert@dragos.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-419xx/CVE-2023-41999.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-41999",
   "sourceIdentifier": "vulnreport@tenable.com",
   "published": "2023-11-27T17:15:07.980",
-  "lastModified": "2023-12-04T14:41:44.107",
+  "lastModified": "2024-01-10T23:15:08.663",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -41,20 +41,20 @@
         "type": "Secondary",
         "cvssData": {
           "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
           "attackVector": "NETWORK",
           "attackComplexity": "LOW",
           "privilegesRequired": "NONE",
           "userInteraction": "NONE",
-          "scope": "CHANGED",
+          "scope": "UNCHANGED",
-          "confidentialityImpact": "LOW",
+          "confidentialityImpact": "HIGH",
-          "integrityImpact": "LOW",
+          "integrityImpact": "HIGH",
-          "availabilityImpact": "LOW",
+          "availabilityImpact": "HIGH",
-          "baseScore": 8.3,
+          "baseScore": 9.8,
-          "baseSeverity": "HIGH"
+          "baseSeverity": "CRITICAL"
         },
         "exploitabilityScore": 3.9,
-        "impactScore": 3.7
+        "impactScore": 5.9
       }
     ]
   },

CVE-2023/CVE-2023-420xx/CVE-2023-42000.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-42000",
   "sourceIdentifier": "vulnreport@tenable.com",
   "published": "2023-11-27T17:15:08.160",
-  "lastModified": "2023-12-04T14:42:39.750",
+  "lastModified": "2024-01-10T23:15:08.883",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -41,20 +41,20 @@
         "type": "Secondary",
         "cvssData": {
           "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
           "attackVector": "NETWORK",
           "attackComplexity": "LOW",
           "privilegesRequired": "NONE",
           "userInteraction": "NONE",
           "scope": "UNCHANGED",
-          "confidentialityImpact": "NONE",
+          "confidentialityImpact": "HIGH",
-          "integrityImpact": "LOW",
+          "integrityImpact": "HIGH",
-          "availabilityImpact": "LOW",
+          "availabilityImpact": "HIGH",
-          "baseScore": 6.5,
+          "baseScore": 9.8,
-          "baseSeverity": "MEDIUM"
+          "baseSeverity": "CRITICAL"
         },
         "exploitabilityScore": 3.9,
-        "impactScore": 2.5
+        "impactScore": 5.9
       }
     ]
   },

CVE-2023/CVE-2023-484xx/CVE-2023-48418.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-48418",
   "sourceIdentifier": "dsap-vuln-management@google.com",
   "published": "2024-01-02T23:15:11.000",
-  "lastModified": "2024-01-09T17:30:39.360",
+  "lastModified": "2024-01-10T23:15:09.053",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -110,6 +110,10 @@
     }
   ],
   "references": [
+    {
+      "url": "http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.html",
+      "source": "dsap-vuln-management@google.com"
+    },
     {
       "url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01",
       "source": "dsap-vuln-management@google.com",

CVE-2024/CVE-2024-217xx/CVE-2024-21773.json

@@ -0,0 +1,36 @@
+{
+  "id": "CVE-2024-21773",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-01-11T00:15:44.560",
+  "lastModified": "2024-01-11T00:15:44.560",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\", Archer AX5400 firmware versions prior to \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\", Deco X50 firmware versions prior to \"Deco X50(JP)_V1_1.4.1 Build 20231122\", and Deco XE200 firmware versions prior to \"Deco XE200(JP)_V1_1.2.5 Build 20231120\"."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU91401812/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

CVE-2024/CVE-2024-218xx/CVE-2024-21821.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2024-21821",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-01-11T00:15:44.633",
+  "lastModified": "2024-01-11T00:15:44.633",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\", Archer AX5400 firmware versions prior to \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\", and Archer AXE75 firmware versions prior to \"Archer AXE75(JP)_V1_231115\"."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU91401812/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

CVE-2024/CVE-2024-218xx/CVE-2024-21833.json

@@ -0,0 +1,40 @@
+{
+  "id": "CVE-2024-21833",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-01-11T00:15:44.683",
+  "lastModified": "2024-01-11T00:15:44.683",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\", Archer AX5400 firmware versions prior to \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\", Archer AXE75 firmware versions prior to \"Archer AXE75(JP)_V1_231115\", Deco X50 firmware versions prior to \"Deco X50(JP)_V1_1.4.1 Build 20231122\", and Deco XE200 firmware versions prior to \"Deco XE200(JP)_V1_1.2.5 Build 20231120\"."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU91401812/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-01-10T23:00:25.016727+00:00
+2024-01-11T00:55:25.309742+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-01-10T22:15:51.837000+00:00
+2024-01-11T00:15:44.683000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,50 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-235537
+235541
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `69`
+Recently added CVEs: `4`
 
-* [CVE-2023-41987](CVE-2023/CVE-2023-419xx/CVE-2023-41987.json) (`2024-01-10T22:15:49.290`)
+* [CVE-2022-45794](CVE-2022/CVE-2022-457xx/CVE-2022-45794.json) (`2024-01-10T23:15:08.397`)
-* [CVE-2023-41994](CVE-2023/CVE-2023-419xx/CVE-2023-41994.json) (`2024-01-10T22:15:49.640`)
+* [CVE-2024-21773](CVE-2024/CVE-2024-217xx/CVE-2024-21773.json) (`2024-01-11T00:15:44.560`)
-* [CVE-2023-42826](CVE-2023/CVE-2023-428xx/CVE-2023-42826.json) (`2024-01-10T22:15:49.707`)
+* [CVE-2024-21821](CVE-2024/CVE-2024-218xx/CVE-2024-21821.json) (`2024-01-11T00:15:44.633`)
-* [CVE-2023-42828](CVE-2023/CVE-2023-428xx/CVE-2023-42828.json) (`2024-01-10T22:15:49.757`)
+* [CVE-2024-21833](CVE-2024/CVE-2024-218xx/CVE-2024-21833.json) (`2024-01-11T00:15:44.683`)
-* [CVE-2023-42829](CVE-2023/CVE-2023-428xx/CVE-2023-42829.json) (`2024-01-10T22:15:49.803`)
-* [CVE-2023-42830](CVE-2023/CVE-2023-428xx/CVE-2023-42830.json) (`2024-01-10T22:15:49.850`)
-* [CVE-2023-42831](CVE-2023/CVE-2023-428xx/CVE-2023-42831.json) (`2024-01-10T22:15:49.903`)
-* [CVE-2023-42832](CVE-2023/CVE-2023-428xx/CVE-2023-42832.json) (`2024-01-10T22:15:49.953`)
-* [CVE-2023-42833](CVE-2023/CVE-2023-428xx/CVE-2023-42833.json) (`2024-01-10T22:15:50.000`)
-* [CVE-2023-42862](CVE-2023/CVE-2023-428xx/CVE-2023-42862.json) (`2024-01-10T22:15:50.047`)
-* [CVE-2023-42865](CVE-2023/CVE-2023-428xx/CVE-2023-42865.json) (`2024-01-10T22:15:50.093`)
-* [CVE-2023-42866](CVE-2023/CVE-2023-428xx/CVE-2023-42866.json) (`2024-01-10T22:15:50.143`)
-* [CVE-2023-42869](CVE-2023/CVE-2023-428xx/CVE-2023-42869.json) (`2024-01-10T22:15:50.200`)
-* [CVE-2023-42870](CVE-2023/CVE-2023-428xx/CVE-2023-42870.json) (`2024-01-10T22:15:50.240`)
-* [CVE-2023-42871](CVE-2023/CVE-2023-428xx/CVE-2023-42871.json) (`2024-01-10T22:15:50.280`)
-* [CVE-2023-42872](CVE-2023/CVE-2023-428xx/CVE-2023-42872.json) (`2024-01-10T22:15:50.327`)
-* [CVE-2023-42876](CVE-2023/CVE-2023-428xx/CVE-2023-42876.json) (`2024-01-10T22:15:50.370`)
-* [CVE-2023-42929](CVE-2023/CVE-2023-429xx/CVE-2023-42929.json) (`2024-01-10T22:15:50.417`)
-* [CVE-2023-42933](CVE-2023/CVE-2023-429xx/CVE-2023-42933.json) (`2024-01-10T22:15:50.460`)
-* [CVE-2023-42934](CVE-2023/CVE-2023-429xx/CVE-2023-42934.json) (`2024-01-10T22:15:50.507`)
-* [CVE-2023-42941](CVE-2023/CVE-2023-429xx/CVE-2023-42941.json) (`2024-01-10T22:15:50.543`)
-* [CVE-2023-49295](CVE-2023/CVE-2023-492xx/CVE-2023-49295.json) (`2024-01-10T22:15:50.610`)
-* [CVE-2023-51123](CVE-2023/CVE-2023-511xx/CVE-2023-51123.json) (`2024-01-10T22:15:50.823`)
-* [CVE-2024-0333](CVE-2024/CVE-2024-03xx/CVE-2024-0333.json) (`2024-01-10T22:15:50.907`)
-* [CVE-2024-21638](CVE-2024/CVE-2024-216xx/CVE-2024-21638.json) (`2024-01-10T22:15:51.563`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `6`
+Recently modified CVEs: `3`
 
-* [CVE-2023-5981](CVE-2023/CVE-2023-59xx/CVE-2023-5981.json) (`2024-01-10T21:15:09.230`)
+* [CVE-2023-41999](CVE-2023/CVE-2023-419xx/CVE-2023-41999.json) (`2024-01-10T23:15:08.663`)
-* [CVE-2023-41991](CVE-2023/CVE-2023-419xx/CVE-2023-41991.json) (`2024-01-10T22:15:49.337`)
+* [CVE-2023-42000](CVE-2023/CVE-2023-420xx/CVE-2023-42000.json) (`2024-01-10T23:15:08.883`)
-* [CVE-2023-41992](CVE-2023/CVE-2023-419xx/CVE-2023-41992.json) (`2024-01-10T22:15:49.427`)
+* [CVE-2023-48418](CVE-2023/CVE-2023-484xx/CVE-2023-48418.json) (`2024-01-10T23:15:09.053`)
-* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2024-01-10T22:15:49.500`)
-* [CVE-2024-22164](CVE-2024/CVE-2024-221xx/CVE-2024-22164.json) (`2024-01-10T22:15:51.760`)
-* [CVE-2024-22165](CVE-2024/CVE-2024-221xx/CVE-2024-22165.json) (`2024-01-10T22:15:51.837`)
 
 
 ## Download and Usage