From 7020558c80cea579e151aede2b1309f84ae762c0 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 6 Feb 2024 05:00:27 +0000 Subject: [PATCH] Auto-Update: 2024-02-06T05:00:24.160042+00:00 --- CVE-2024/CVE-2024-208xx/CVE-2024-20810.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20811.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20812.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20813.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20814.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20815.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20816.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20817.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20818.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20819.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20820.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20822.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20823.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20824.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20825.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20826.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20827.json | 43 +++++++++++++ CVE-2024/CVE-2024-208xx/CVE-2024-20828.json | 43 +++++++++++++ CVE-2024/CVE-2024-248xx/CVE-2024-24808.json | 59 +++++++++++++++++ README.md | 70 +++++++-------------- 20 files changed, 857 insertions(+), 46 deletions(-) create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20810.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20811.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20812.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20813.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20814.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20815.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20816.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20817.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20818.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20819.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20820.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20822.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20823.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20824.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20825.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20826.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20827.json create mode 100644 CVE-2024/CVE-2024-208xx/CVE-2024-20828.json create mode 100644 CVE-2024/CVE-2024-248xx/CVE-2024-24808.json diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20810.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20810.json new file mode 100644 index 00000000000..ae2851adac4 --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20810.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20810", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:07.723", + "lastModified": "2024-02-06T03:15:07.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows attackers to get sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20811.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20811.json new file mode 100644 index 00000000000..18e2422edfa --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20811.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20811", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:07.923", + "lastModified": "2024-02-06T03:15:07.923", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20812.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20812.json new file mode 100644 index 00000000000..4f0a176d70c --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20812.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20812", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:08.100", + "lastModified": "2024-02-06T03:15:08.100", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20813.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20813.json new file mode 100644 index 00000000000..04333d2c2b5 --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20813.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20813", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:08.297", + "lastModified": "2024-02-06T03:15:08.297", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20814.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20814.json new file mode 100644 index 00000000000..af376849ddf --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20814.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20814", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:08.533", + "lastModified": "2024-02-06T03:15:08.533", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows attacker access unauthorized information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20815.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20815.json new file mode 100644 index 00000000000..ccb3556c275 --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20815.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20815", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:08.720", + "lastModified": "2024-02-06T03:15:08.720", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.8 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20816.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20816.json new file mode 100644 index 00000000000..0083ea95e2e --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20816.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20816", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:08.907", + "lastModified": "2024-02-06T03:15:08.907", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.8 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20817.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20817.json new file mode 100644 index 00000000000..3885b79085b --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20817.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20817", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:09.097", + "lastModified": "2024-02-06T03:15:09.097", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out out bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20818.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20818.json new file mode 100644 index 00000000000..90561c04eda --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20818.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20818", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:09.287", + "lastModified": "2024-02-06T03:15:09.287", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out out bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20819.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20819.json new file mode 100644 index 00000000000..083a4848dfb --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20819.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20819", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:09.480", + "lastModified": "2024-02-06T03:15:09.480", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out out bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20820.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20820.json new file mode 100644 index 00000000000..7194ce6373d --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20820.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20820", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:09.670", + "lastModified": "2024-02-06T03:15:09.670", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows attacker to cause an Out-Of-Bounds read." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20822.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20822.json new file mode 100644 index 00000000000..9556b190079 --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20822.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20822", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:09.867", + "lastModified": "2024-02-06T03:15:09.867", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20823.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20823.json new file mode 100644 index 00000000000..5f4bcac23f3 --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20823.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20823", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:10.057", + "lastModified": "2024-02-06T03:15:10.057", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20824.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20824.json new file mode 100644 index 00000000000..fc9110a064b --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20824.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20824", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:10.240", + "lastModified": "2024-02-06T03:15:10.240", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20825.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20825.json new file mode 100644 index 00000000000..4cbb5145839 --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20825.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20825", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:10.430", + "lastModified": "2024-02-06T03:15:10.430", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20826.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20826.json new file mode 100644 index 00000000000..663c4c166a8 --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20826.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20826", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:10.623", + "lastModified": "2024-02-06T03:15:10.623", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20827.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20827.json new file mode 100644 index 00000000000..aca74df437a --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20827.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20827", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:10.813", + "lastModified": "2024-02-06T03:15:10.813", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20828.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20828.json new file mode 100644 index 00000000000..6174850d3da --- /dev/null +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20828.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20828", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2024-02-06T03:15:11.010", + "lastModified": "2024-02-06T03:15:11.010", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24808.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24808.json new file mode 100644 index 00000000000..0795686e46e --- /dev/null +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24808.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-24808", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-02-06T04:15:08.260", + "lastModified": "2024-02-06T04:15:08.260", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 658d70cee65..c08d699bd81 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-06T03:00:25.770920+00:00 +2024-02-06T05:00:24.160042+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-06T02:15:09.113000+00:00 +2024-02-06T04:15:08.260000+00:00 ``` ### Last Data Feed Release @@ -29,60 +29,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237697 +237716 ``` ### CVEs added in the last Commit -Recently added CVEs: `16` +Recently added CVEs: `19` -* [CVE-2023-46359](CVE-2023/CVE-2023-463xx/CVE-2023-46359.json) (`2024-02-06T01:15:07.877`) -* [CVE-2023-46360](CVE-2023/CVE-2023-463xx/CVE-2023-46360.json) (`2024-02-06T01:15:07.930`) -* [CVE-2023-47022](CVE-2023/CVE-2023-470xx/CVE-2023-47022.json) (`2024-02-06T01:15:07.987`) -* [CVE-2023-47353](CVE-2023/CVE-2023-473xx/CVE-2023-47353.json) (`2024-02-06T01:15:08.037`) -* [CVE-2023-47889](CVE-2023/CVE-2023-478xx/CVE-2023-47889.json) (`2024-02-06T01:15:08.087`) -* [CVE-2023-6229](CVE-2023/CVE-2023-62xx/CVE-2023-6229.json) (`2024-02-06T01:15:08.137`) -* [CVE-2023-6230](CVE-2023/CVE-2023-62xx/CVE-2023-6230.json) (`2024-02-06T01:15:08.350`) -* [CVE-2023-6231](CVE-2023/CVE-2023-62xx/CVE-2023-6231.json) (`2024-02-06T01:15:08.547`) -* [CVE-2023-6232](CVE-2023/CVE-2023-62xx/CVE-2023-6232.json) (`2024-02-06T01:15:08.740`) -* [CVE-2023-6233](CVE-2023/CVE-2023-62xx/CVE-2023-6233.json) (`2024-02-06T01:15:08.930`) -* [CVE-2023-6234](CVE-2023/CVE-2023-62xx/CVE-2023-6234.json) (`2024-02-06T01:15:09.107`) -* [CVE-2024-0244](CVE-2024/CVE-2024-02xx/CVE-2024-0244.json) (`2024-02-06T01:15:09.300`) -* [CVE-2024-22773](CVE-2024/CVE-2024-227xx/CVE-2024-22773.json) (`2024-02-06T01:15:09.647`) -* [CVE-2024-24112](CVE-2024/CVE-2024-241xx/CVE-2024-24112.json) (`2024-02-06T01:15:09.700`) -* [CVE-2024-22852](CVE-2024/CVE-2024-228xx/CVE-2024-22852.json) (`2024-02-06T02:15:08.663`) -* [CVE-2024-22853](CVE-2024/CVE-2024-228xx/CVE-2024-22853.json) (`2024-02-06T02:15:08.757`) +* [CVE-2024-20810](CVE-2024/CVE-2024-208xx/CVE-2024-20810.json) (`2024-02-06T03:15:07.723`) +* [CVE-2024-20811](CVE-2024/CVE-2024-208xx/CVE-2024-20811.json) (`2024-02-06T03:15:07.923`) +* [CVE-2024-20812](CVE-2024/CVE-2024-208xx/CVE-2024-20812.json) (`2024-02-06T03:15:08.100`) +* [CVE-2024-20813](CVE-2024/CVE-2024-208xx/CVE-2024-20813.json) (`2024-02-06T03:15:08.297`) +* [CVE-2024-20814](CVE-2024/CVE-2024-208xx/CVE-2024-20814.json) (`2024-02-06T03:15:08.533`) +* [CVE-2024-20815](CVE-2024/CVE-2024-208xx/CVE-2024-20815.json) (`2024-02-06T03:15:08.720`) +* [CVE-2024-20816](CVE-2024/CVE-2024-208xx/CVE-2024-20816.json) (`2024-02-06T03:15:08.907`) +* [CVE-2024-20817](CVE-2024/CVE-2024-208xx/CVE-2024-20817.json) (`2024-02-06T03:15:09.097`) +* [CVE-2024-20818](CVE-2024/CVE-2024-208xx/CVE-2024-20818.json) (`2024-02-06T03:15:09.287`) +* [CVE-2024-20819](CVE-2024/CVE-2024-208xx/CVE-2024-20819.json) (`2024-02-06T03:15:09.480`) +* [CVE-2024-20820](CVE-2024/CVE-2024-208xx/CVE-2024-20820.json) (`2024-02-06T03:15:09.670`) +* [CVE-2024-20822](CVE-2024/CVE-2024-208xx/CVE-2024-20822.json) (`2024-02-06T03:15:09.867`) +* [CVE-2024-20823](CVE-2024/CVE-2024-208xx/CVE-2024-20823.json) (`2024-02-06T03:15:10.057`) +* [CVE-2024-20824](CVE-2024/CVE-2024-208xx/CVE-2024-20824.json) (`2024-02-06T03:15:10.240`) +* [CVE-2024-20825](CVE-2024/CVE-2024-208xx/CVE-2024-20825.json) (`2024-02-06T03:15:10.430`) +* [CVE-2024-20826](CVE-2024/CVE-2024-208xx/CVE-2024-20826.json) (`2024-02-06T03:15:10.623`) +* [CVE-2024-20827](CVE-2024/CVE-2024-208xx/CVE-2024-20827.json) (`2024-02-06T03:15:10.813`) +* [CVE-2024-20828](CVE-2024/CVE-2024-208xx/CVE-2024-20828.json) (`2024-02-06T03:15:11.010`) +* [CVE-2024-24808](CVE-2024/CVE-2024-248xx/CVE-2024-24808.json) (`2024-02-06T04:15:08.260`) ### CVEs modified in the last Commit -Recently modified CVEs: `119` +Recently modified CVEs: `0` -* [CVE-2024-0859](CVE-2024/CVE-2024-08xx/CVE-2024-0859.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-0869](CVE-2024/CVE-2024-08xx/CVE-2024-0869.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-0954](CVE-2024/CVE-2024-09xx/CVE-2024-0954.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-0961](CVE-2024/CVE-2024-09xx/CVE-2024-0961.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-0969](CVE-2024/CVE-2024-09xx/CVE-2024-0969.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-1046](CVE-2024/CVE-2024-10xx/CVE-2024-1046.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-1072](CVE-2024/CVE-2024-10xx/CVE-2024-1072.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-1075](CVE-2024/CVE-2024-10xx/CVE-2024-1075.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-1092](CVE-2024/CVE-2024-10xx/CVE-2024-1092.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-1121](CVE-2024/CVE-2024-11xx/CVE-2024-1121.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-1177](CVE-2024/CVE-2024-11xx/CVE-2024-1177.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-1208](CVE-2024/CVE-2024-12xx/CVE-2024-1208.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-1209](CVE-2024/CVE-2024-12xx/CVE-2024-1209.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-1210](CVE-2024/CVE-2024-12xx/CVE-2024-1210.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-24595](CVE-2024/CVE-2024-245xx/CVE-2024-24595.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-0964](CVE-2024/CVE-2024-09xx/CVE-2024-0964.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-23049](CVE-2024/CVE-2024-230xx/CVE-2024-23049.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-24398](CVE-2024/CVE-2024-243xx/CVE-2024-24398.json) (`2024-02-06T01:00:55.997`) -* [CVE-2024-22319](CVE-2024/CVE-2024-223xx/CVE-2024-22319.json) (`2024-02-06T01:15:09.500`) -* [CVE-2024-1086](CVE-2024/CVE-2024-10xx/CVE-2024-1086.json) (`2024-02-06T02:15:08.303`) -* [CVE-2024-21626](CVE-2024/CVE-2024-216xx/CVE-2024-21626.json) (`2024-02-06T02:15:08.420`) -* [CVE-2024-23206](CVE-2024/CVE-2024-232xx/CVE-2024-23206.json) (`2024-02-06T02:15:08.810`) -* [CVE-2024-23213](CVE-2024/CVE-2024-232xx/CVE-2024-23213.json) (`2024-02-06T02:15:08.903`) -* [CVE-2024-23222](CVE-2024/CVE-2024-232xx/CVE-2024-23222.json) (`2024-02-06T02:15:09.010`) -* [CVE-2024-23849](CVE-2024/CVE-2024-238xx/CVE-2024-23849.json) (`2024-02-06T02:15:09.113`) ## Download and Usage