Auto-Update: 2024-07-23T14:00:17.042468+00:00

CVE-2024/CVE-2024-341xx/CVE-2024-34128.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-34128",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2024-07-23T12:15:09.763",
+  "lastModified": "2024-07-23T12:15:09.763",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-418xx/CVE-2024-41836.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-41836",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2024-07-23T12:15:10.240",
+  "lastModified": "2024-07-23T12:15:10.240",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+    },
+    {
+      "lang": "es",
+      "value": "Las versiones ID18.5.2, ID19.3 y anteriores de InDesign Desktop se ven afectadas por una vulnerabilidad de desreferencia de puntero nulo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) de la aplicaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad para bloquear la aplicaci\u00f3n, lo que provocar\u00eda una condici\u00f3n de denegaci\u00f3n de servicio. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://helpx.adobe.com/security/products/indesign/apsb24-48.html",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-418xx/CVE-2024-41839.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-41839",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2024-07-23T12:15:10.520",
+  "lastModified": "2024-07-23T12:15:10.520",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction."
+    },
+    {
+      "lang": "es",
+      "value": "Las versiones 6.5.20 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar una omisi\u00f3n de la funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para omitir las medidas de seguridad y afectar la integridad de la p\u00e1gina. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-07-23T12:00:17.209754+00:00
+2024-07-23T14:00:17.042468+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-07-23T10:15:02.320000+00:00
+2024-07-23T12:15:10.520000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,14 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-257826
+257829
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `3`
 
-- [CVE-2024-7014](CVE-2024/CVE-2024-70xx/CVE-2024-7014.json) (`2024-07-23T10:15:02.320`)
+- [CVE-2024-34128](CVE-2024/CVE-2024-341xx/CVE-2024-34128.json) (`2024-07-23T12:15:09.763`)
+- [CVE-2024-41836](CVE-2024/CVE-2024-418xx/CVE-2024-41836.json) (`2024-07-23T12:15:10.240`)
+- [CVE-2024-41839](CVE-2024/CVE-2024-418xx/CVE-2024-41839.json) (`2024-07-23T12:15:10.520`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -252083,6 +252083,7 @@ CVE-2024-3412,0,0,e50c7e3ae6f10b261f3da66fd6437a79038925b3952464be81ac0e7b8712c1
 CVE-2024-34120,0,0,59b2d9c769f5e7837181f42b948f1f4d6a71599cbcd1b502e5c0f6b22b12ebe5,2024-06-14T20:02:45.567000
 CVE-2024-34122,0,0,1f1afdb8bcd7920872d40bc049791e258094ad813a8f738f73973f16e8f185df,2024-07-02T17:44:45.700000
 CVE-2024-34123,0,0,60f48b7c1a1214b049b9220d35589296122b7174f3f0274e4f9438886e7fb319,2024-07-11T13:06:13.187000
+CVE-2024-34128,1,1,c593ef6aa2409394e2909ac7d50f53c977c58dcc4c7ebddfe344508dd50a7d07,2024-07-23T12:15:09.763000
 CVE-2024-34129,0,0,4b371bd2ce78a755ab5bce8486ffc40418a5eef964d8e637f4bd806924a46c43,2024-07-19T17:30:15.177000
 CVE-2024-3413,0,0,393490437f33ce616f0a6848540c1c0d3eed8ed2038327f28efd50e305f3828b,2024-05-17T02:39:54.073000
 CVE-2024-34130,0,0,39c33a1c2e45222da36d81ad20fcf2f2dae4088c0999d560d63f2526f4c81a40,2024-07-19T17:28:29.150000
@@ -255851,6 +255852,8 @@ CVE-2024-41827,0,0,715ad3c66183d764c98ea5ee168c80910fd9f5e98abd7aa1b21f8f5380727
 CVE-2024-41828,0,0,7731b0e8dac203c149972d38551edb3b0fc0a981392a786a8ef63785a16c7547,2024-07-22T15:15:05.270000
 CVE-2024-41829,0,0,93d1466d44910cc9b0281d221e234b59ab0caf3d6a4f1bf584b46869666f39cc,2024-07-22T15:15:05.487000
 CVE-2024-4183,0,0,c95eeb02531c25674be296e55025a1bd3e47bb47f078fa8bff79c7eea74c4268,2024-04-26T12:58:17.720000
+CVE-2024-41836,1,1,4defdc5dded1371e2feafa5c07aecf68f547f713f2d0eb5ac055614739958dc4,2024-07-23T12:15:10.240000
+CVE-2024-41839,1,1,01345eba14dd5354369d36ab32b39bca4ffda5c783f1ab69098d2f65c0a29b22,2024-07-23T12:15:10.520000
 CVE-2024-4185,0,0,2ebb1e96affd30f65338d1aa453a686ffeaefddcc6c26d6c3c25de17e937fc18,2024-04-30T13:11:16.690000
 CVE-2024-4186,0,0,c07cd0df6ca0a9d2dc3c3ba29e1f05004c0a2ac49601b699a13f07e112f9c5ca,2024-05-07T13:39:32.710000
 CVE-2024-41880,0,0,fc7c36755bde611f98a14eba2d59bf57bb96e394de6b28bc393d5261a53a802d,2024-07-22T19:15:02.990000
@@ -257824,4 +257827,4 @@ CVE-2024-6967,0,0,5f19e165dee42428e0d969fa8fc5f74084843adc50630c62175a00d155773d
 CVE-2024-6968,0,0,8e5752619c85b26bba4ce547fa3d54bdd5591cb73642b239c05438d96051005a,2024-07-22T13:00:31.330000
 CVE-2024-6969,0,0,b23347441c89b903c83a899acb9bf7f48b605b0728961bbb1ac995d86a8850d6,2024-07-22T13:00:31.330000
 CVE-2024-6970,0,0,521037b9963b74c39659cf9df97626ee5f8ca87b48a1750eb71f414432d46515,2024-07-22T13:00:31.330000
-CVE-2024-7014,1,1,3476760c5519b5fdcfe985af8a4d25fb6703a8c128669f198be6a5743e65cb39,2024-07-23T10:15:02.320000
+CVE-2024-7014,0,0,3476760c5519b5fdcfe985af8a4d25fb6703a8c128669f198be6a5743e65cb39,2024-07-23T10:15:02.320000