From 73c62df08f2d9135957a678fa45127da1b326532 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 29 Feb 2024 19:01:03 +0000
Subject: [PATCH] Auto-Update: 2024-02-29T19:00:59.939071+00:00
---
 CVE-2022/CVE-2022-486xx/CVE-2022-48618.json | 12 ++---
 CVE-2023/CVE-2023-524xx/CVE-2023-52485.json | 4 +-
 CVE-2023/CVE-2023-61xx/CVE-2023-6132.json | 59 +++++++++++++++++++++
 CVE-2024/CVE-2024-207xx/CVE-2024-20765.json | 55 +++++++++++++++++++
 CVE-2024/CVE-2024-20xx/CVE-2024-2001.json | 4 +-
 CVE-2024/CVE-2024-251xx/CVE-2024-25180.json | 20 +++++++
 README.md | 18 ++++---
 7 files changed, 155 insertions(+), 17 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-61xx/CVE-2023-6132.json
 create mode 100644 CVE-2024/CVE-2024-207xx/CVE-2024-20765.json
 create mode 100644 CVE-2024/CVE-2024-251xx/CVE-2024-25180.json
diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48618.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48618.json
index 16c21d61b49..b29505a8cac 100644
--- a/CVE-2022/CVE-2022-486xx/CVE-2022-48618.json
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48618.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-48618",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2024-01-09T18:15:45.120",
- "lastModified": "2024-02-27T02:00:01.320",
+ "lastModified": "2024-02-29T17:46:18.173",
 "vulnStatus": "Analyzed",
 "cisaExploitAdd": "2024-01-31",
 "cisaActionDue": "2024-02-21",
@@ -25,19 +25,19 @@
 "type": "Primary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
 "attackVector": "LOCAL",
- "attackComplexity": "LOW",
+ "attackComplexity": "HIGH",
 "privilegesRequired": "LOW",
 "userInteraction": "NONE",
 "scope": "UNCHANGED",
 "confidentialityImpact": "HIGH",
 "integrityImpact": "HIGH",
 "availabilityImpact": "HIGH",
- "baseScore": 7.8,
+ "baseScore": 7.0,
 "baseSeverity": "HIGH"
 },
- "exploitabilityScore": 1.8,
+ "exploitabilityScore": 1.0,
 "impactScore": 5.9
 }
 ]
@@ -49,7 +49,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-287"
+ "value": "CWE-367"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52485.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52485.json
index bae2c40e7f2..18d316b8d02 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52485.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52485.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-52485",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-02-29T15:15:07.397",
- "lastModified": "2024-02-29T15:15:07.397",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-29T18:06:42.010",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6132.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6132.json
new file mode 100644
index 00000000000..8f906d732a4
--- /dev/null
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6132.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-6132",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2024-02-29T18:15:16.283",
+ "lastModified": "2024-02-29T18:15:16.283",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nThe vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-427"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/",
+ "source": "ics-cert@hq.dhs.gov"
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20765.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20765.json
new file mode 100644
index 00000000000..424566dbc2c
--- /dev/null
+++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20765.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-20765",
+ "sourceIdentifier": "psirt@adobe.com",
+ "published": "2024-02-29T17:15:07.110",
+ "lastModified": "2024-02-29T18:06:42.010",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@adobe.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
+ "source": "psirt@adobe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2001.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2001.json
index a87a2146d9d..0b44de4d499 100644
--- a/CVE-2024/CVE-2024-20xx/CVE-2024-2001.json
+++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2001.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-2001",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-02-29T14:15:45.280",
- "lastModified": "2024-02-29T14:15:45.280",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-29T18:06:42.010",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25180.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25180.json
new file mode 100644
index 00000000000..9c160ba8d38
--- /dev/null
+++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25180.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-25180",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-29T18:15:16.520",
+ "lastModified": "2024-02-29T18:15:16.520",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the path '/pdf'."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/joaoviictorti/My-CVES/blob/main/CVE-2024-25180/README.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index ecdfcd6b687..a729b6f593b 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-29T17:00:25.814086+00:00 +2024-02-29T19:00:59.939071+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-29T15:15:07.473000+00:00 +2024-02-29T18:15:16.520000+00:00 ``` ### Last Data Feed Release
@@ -29,21 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -240119 +240122 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -* [CVE-2023-52485](CVE-2023/CVE-2023-524xx/CVE-2023-52485.json) (`2024-02-29T15:15:07.397`) +* [CVE-2023-6132](CVE-2023/CVE-2023-61xx/CVE-2023-6132.json) (`2024-02-29T18:15:16.283`) +* [CVE-2024-20765](CVE-2024/CVE-2024-207xx/CVE-2024-20765.json) (`2024-02-29T17:15:07.110`) +* [CVE-2024-25180](CVE-2024/CVE-2024-251xx/CVE-2024-25180.json) (`2024-02-29T18:15:16.520`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `3` -* [CVE-2024-1163](CVE-2024/CVE-2024-11xx/CVE-2024-1163.json) (`2024-02-29T15:15:07.473`) +* [CVE-2022-48618](CVE-2022/CVE-2022-486xx/CVE-2022-48618.json) (`2024-02-29T17:46:18.173`) +* [CVE-2023-52485](CVE-2023/CVE-2023-524xx/CVE-2023-52485.json) (`2024-02-29T18:06:42.010`) +* [CVE-2024-2001](CVE-2024/CVE-2024-20xx/CVE-2024-2001.json) (`2024-02-29T18:06:42.010`) ## Download and Usage