From 6d81f1ded792141e0d3228b9fc792867c25c12b8 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 15 Feb 2024 13:00:40 +0000 Subject: [PATCH] Auto-Update: 2024-02-15T13:00:37.140922+00:00 --- CVE-2022/CVE-2022-479xx/CVE-2022-47925.json | 16 +++--- CVE-2023/CVE-2023-503xx/CVE-2023-50356.json | 24 ++++----- CVE-2023/CVE-2023-503xx/CVE-2023-50357.json | 18 +++---- CVE-2023/CVE-2023-65xx/CVE-2023-6545.json | 14 +++--- CVE-2024/CVE-2024-207xx/CVE-2024-20722.json | 55 +++++++++++++++++++++ CVE-2024/CVE-2024-207xx/CVE-2024-20723.json | 55 +++++++++++++++++++++ CVE-2024/CVE-2024-207xx/CVE-2024-20724.json | 55 +++++++++++++++++++++ CVE-2024/CVE-2024-207xx/CVE-2024-20725.json | 55 +++++++++++++++++++++ CVE-2024/CVE-2024-207xx/CVE-2024-20740.json | 55 +++++++++++++++++++++ CVE-2024/CVE-2024-207xx/CVE-2024-20741.json | 55 +++++++++++++++++++++ CVE-2024/CVE-2024-207xx/CVE-2024-20742.json | 55 +++++++++++++++++++++ CVE-2024/CVE-2024-207xx/CVE-2024-20743.json | 55 +++++++++++++++++++++ CVE-2024/CVE-2024-207xx/CVE-2024-20744.json | 55 +++++++++++++++++++++ README.md | 52 +++++++------------ 14 files changed, 549 insertions(+), 70 deletions(-) create mode 100644 CVE-2024/CVE-2024-207xx/CVE-2024-20722.json create mode 100644 CVE-2024/CVE-2024-207xx/CVE-2024-20723.json create mode 100644 CVE-2024/CVE-2024-207xx/CVE-2024-20724.json create mode 100644 CVE-2024/CVE-2024-207xx/CVE-2024-20725.json create mode 100644 CVE-2024/CVE-2024-207xx/CVE-2024-20740.json create mode 100644 CVE-2024/CVE-2024-207xx/CVE-2024-20741.json create mode 100644 CVE-2024/CVE-2024-207xx/CVE-2024-20742.json create mode 100644 CVE-2024/CVE-2024-207xx/CVE-2024-20743.json create mode 100644 CVE-2024/CVE-2024-207xx/CVE-2024-20744.json diff --git a/CVE-2022/CVE-2022-479xx/CVE-2022-47925.json b/CVE-2022/CVE-2022-479xx/CVE-2022-47925.json index 4272bb49d3d..32789def28a 100644 --- a/CVE-2022/CVE-2022-479xx/CVE-2022-47925.json +++ b/CVE-2022/CVE-2022-479xx/CVE-2022-47925.json @@ -2,7 +2,7 @@ "id": "CVE-2022-47925", "sourceIdentifier": "info@cert.vde.com", "published": "2023-03-27T14:15:07.767", - "lastModified": "2023-11-07T10:15:08.140", + "lastModified": "2024-02-15T11:15:08.203", "vulnStatus": "Modified", "descriptions": [ { @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -33,11 +33,11 @@ "impactScore": 3.6 }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -45,12 +45,12 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "LOW", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, - "impactScore": 1.4 + "impactScore": 3.6 } ] }, diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50356.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50356.json index f05c7fbb9a8..3be69393003 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50356.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50356.json @@ -2,12 +2,12 @@ "id": "CVE-2023-50356", "sourceIdentifier": "info@cert.vde.com", "published": "2024-01-31T11:15:07.910", - "lastModified": "2024-02-09T01:00:50.277", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-15T11:15:09.127", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "SSL connections to NOVELL and Synology LDAP server are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login." + "value": "SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login." }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -37,24 +37,24 @@ "impactScore": 4.2 }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", "attackVector": "NETWORK", - "attackComplexity": "LOW", + "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 9.1, - "baseSeverity": "CRITICAL" + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 3.9, - "impactScore": 5.2 + "exploitabilityScore": 2.2, + "impactScore": 4.2 } ] }, diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50357.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50357.json index be920cdf755..2b883960f68 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50357.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50357.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50357", "sourceIdentifier": "info@cert.vde.com", "published": "2024-01-31T11:15:08.513", - "lastModified": "2024-02-08T17:40:13.563", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-15T11:15:09.717", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -37,24 +37,24 @@ "impactScore": 2.7 }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", - "scope": "UNCHANGED", + "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", - "baseScore": 4.6, + "baseScore": 5.4, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.1, - "impactScore": 2.5 + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6545.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6545.json index 78b1de3b437..819726c504e 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6545.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6545.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6545", "sourceIdentifier": "info@cert.vde.com", "published": "2023-12-14T14:15:45.753", - "lastModified": "2023-12-19T18:35:44.263", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-15T11:15:10.127", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -37,20 +37,20 @@ "impactScore": 1.4 }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", - "scope": "UNCHANGED", + "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", - "baseScore": 4.3, + "baseScore": 4.7, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20722.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20722.json new file mode 100644 index 00000000000..e5c6a260e2e --- /dev/null +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20722.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20722", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-02-15T11:15:10.750", + "lastModified": "2024-02-15T11:15:10.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20723.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20723.json new file mode 100644 index 00000000000..49d04e9fbc1 --- /dev/null +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20723.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20723", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-02-15T11:15:11.383", + "lastModified": "2024-02-15T11:15:11.383", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20724.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20724.json new file mode 100644 index 00000000000..c7b00f5f08d --- /dev/null +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20724.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20724", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-02-15T11:15:11.797", + "lastModified": "2024-02-15T11:15:11.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20725.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20725.json new file mode 100644 index 00000000000..db39afbfdb9 --- /dev/null +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20725.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20725", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-02-15T11:15:12.237", + "lastModified": "2024-02-15T11:15:12.237", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20740.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20740.json new file mode 100644 index 00000000000..35a51c4c676 --- /dev/null +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20740.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20740", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-02-15T11:15:12.623", + "lastModified": "2024-02-15T11:15:12.623", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20741.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20741.json new file mode 100644 index 00000000000..998df8b910b --- /dev/null +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20741.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20741", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-02-15T11:15:12.990", + "lastModified": "2024-02-15T11:15:12.990", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-123" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20742.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20742.json new file mode 100644 index 00000000000..66cc5ee8c1d --- /dev/null +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20742.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20742", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-02-15T11:15:13.417", + "lastModified": "2024-02-15T11:15:13.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20743.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20743.json new file mode 100644 index 00000000000..a122cc0478a --- /dev/null +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20743.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20743", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-02-15T11:15:13.697", + "lastModified": "2024-02-15T11:15:13.697", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20744.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20744.json new file mode 100644 index 00000000000..5c5f49ad4fd --- /dev/null +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20744.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20744", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-02-15T11:15:14.063", + "lastModified": "2024-02-15T11:15:14.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index bb2356259d1..1ad48006420 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-15T11:01:10.322305+00:00 +2024-02-15T13:00:37.140922+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-15T10:15:20.657000+00:00 +2024-02-15T11:15:14.063000+00:00 ``` ### Last Data Feed Release @@ -29,48 +29,32 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -238644 +238653 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `9` -* [CVE-2023-4537](CVE-2023/CVE-2023-45xx/CVE-2023-4537.json) (`2024-02-15T09:15:33.273`) -* [CVE-2023-4538](CVE-2023/CVE-2023-45xx/CVE-2023-4538.json) (`2024-02-15T09:15:33.557`) -* [CVE-2023-4539](CVE-2023/CVE-2023-45xx/CVE-2023-4539.json) (`2024-02-15T09:15:33.740`) -* [CVE-2024-0390](CVE-2024/CVE-2024-03xx/CVE-2024-0390.json) (`2024-02-15T10:15:09.043`) +* [CVE-2024-20722](CVE-2024/CVE-2024-207xx/CVE-2024-20722.json) (`2024-02-15T11:15:10.750`) +* [CVE-2024-20723](CVE-2024/CVE-2024-207xx/CVE-2024-20723.json) (`2024-02-15T11:15:11.383`) +* [CVE-2024-20724](CVE-2024/CVE-2024-207xx/CVE-2024-20724.json) (`2024-02-15T11:15:11.797`) +* [CVE-2024-20725](CVE-2024/CVE-2024-207xx/CVE-2024-20725.json) (`2024-02-15T11:15:12.237`) +* [CVE-2024-20740](CVE-2024/CVE-2024-207xx/CVE-2024-20740.json) (`2024-02-15T11:15:12.623`) +* [CVE-2024-20741](CVE-2024/CVE-2024-207xx/CVE-2024-20741.json) (`2024-02-15T11:15:12.990`) +* [CVE-2024-20742](CVE-2024/CVE-2024-207xx/CVE-2024-20742.json) (`2024-02-15T11:15:13.417`) +* [CVE-2024-20743](CVE-2024/CVE-2024-207xx/CVE-2024-20743.json) (`2024-02-15T11:15:13.697`) +* [CVE-2024-20744](CVE-2024/CVE-2024-207xx/CVE-2024-20744.json) (`2024-02-15T11:15:14.063`) ### CVEs modified in the last Commit -Recently modified CVEs: `43` +Recently modified CVEs: `4` -* [CVE-2024-23872](CVE-2024/CVE-2024-238xx/CVE-2024-23872.json) (`2024-02-15T10:15:14.013`) -* [CVE-2024-23873](CVE-2024/CVE-2024-238xx/CVE-2024-23873.json) (`2024-02-15T10:15:14.313`) -* [CVE-2024-23874](CVE-2024/CVE-2024-238xx/CVE-2024-23874.json) (`2024-02-15T10:15:14.577`) -* [CVE-2024-23875](CVE-2024/CVE-2024-238xx/CVE-2024-23875.json) (`2024-02-15T10:15:14.900`) -* [CVE-2024-23876](CVE-2024/CVE-2024-238xx/CVE-2024-23876.json) (`2024-02-15T10:15:15.150`) -* [CVE-2024-23877](CVE-2024/CVE-2024-238xx/CVE-2024-23877.json) (`2024-02-15T10:15:15.450`) -* [CVE-2024-23878](CVE-2024/CVE-2024-238xx/CVE-2024-23878.json) (`2024-02-15T10:15:15.707`) -* [CVE-2024-23879](CVE-2024/CVE-2024-238xx/CVE-2024-23879.json) (`2024-02-15T10:15:16.013`) -* [CVE-2024-23880](CVE-2024/CVE-2024-238xx/CVE-2024-23880.json) (`2024-02-15T10:15:16.270`) -* [CVE-2024-23881](CVE-2024/CVE-2024-238xx/CVE-2024-23881.json) (`2024-02-15T10:15:16.540`) -* [CVE-2024-23882](CVE-2024/CVE-2024-238xx/CVE-2024-23882.json) (`2024-02-15T10:15:16.773`) -* [CVE-2024-23883](CVE-2024/CVE-2024-238xx/CVE-2024-23883.json) (`2024-02-15T10:15:17.077`) -* [CVE-2024-23884](CVE-2024/CVE-2024-238xx/CVE-2024-23884.json) (`2024-02-15T10:15:17.360`) -* [CVE-2024-23885](CVE-2024/CVE-2024-238xx/CVE-2024-23885.json) (`2024-02-15T10:15:17.653`) -* [CVE-2024-23886](CVE-2024/CVE-2024-238xx/CVE-2024-23886.json) (`2024-02-15T10:15:17.903`) -* [CVE-2024-23887](CVE-2024/CVE-2024-238xx/CVE-2024-23887.json) (`2024-02-15T10:15:18.193`) -* [CVE-2024-23888](CVE-2024/CVE-2024-238xx/CVE-2024-23888.json) (`2024-02-15T10:15:18.453`) -* [CVE-2024-23889](CVE-2024/CVE-2024-238xx/CVE-2024-23889.json) (`2024-02-15T10:15:18.750`) -* [CVE-2024-23890](CVE-2024/CVE-2024-238xx/CVE-2024-23890.json) (`2024-02-15T10:15:18.997`) -* [CVE-2024-23891](CVE-2024/CVE-2024-238xx/CVE-2024-23891.json) (`2024-02-15T10:15:19.320`) -* [CVE-2024-23892](CVE-2024/CVE-2024-238xx/CVE-2024-23892.json) (`2024-02-15T10:15:19.567`) -* [CVE-2024-23893](CVE-2024/CVE-2024-238xx/CVE-2024-23893.json) (`2024-02-15T10:15:19.850`) -* [CVE-2024-23894](CVE-2024/CVE-2024-238xx/CVE-2024-23894.json) (`2024-02-15T10:15:20.110`) -* [CVE-2024-23895](CVE-2024/CVE-2024-238xx/CVE-2024-23895.json) (`2024-02-15T10:15:20.403`) -* [CVE-2024-23896](CVE-2024/CVE-2024-238xx/CVE-2024-23896.json) (`2024-02-15T10:15:20.657`) +* [CVE-2022-47925](CVE-2022/CVE-2022-479xx/CVE-2022-47925.json) (`2024-02-15T11:15:08.203`) +* [CVE-2023-50356](CVE-2023/CVE-2023-503xx/CVE-2023-50356.json) (`2024-02-15T11:15:09.127`) +* [CVE-2023-50357](CVE-2023/CVE-2023-503xx/CVE-2023-50357.json) (`2024-02-15T11:15:09.717`) +* [CVE-2023-6545](CVE-2023/CVE-2023-65xx/CVE-2023-6545.json) (`2024-02-15T11:15:10.127`) ## Download and Usage