Auto-Update: 2024-01-27T03:00:24.391308+00:00

2025-05-08 19:47:09 +00:00 · 2024-01-27 03:00:28 +00:00 · 2024-01-27 03:00:28 +00:00 · 99f28e444d
commit 99f28e444d
parent 6a0c21e668
3 changed files with 111 additions and 39 deletions
--- a/CVE-2023/CVE-2023-440xx/CVE-2023-44000.json
+++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44000.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-44000",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-01-24T10:15:09.393",
-  "lastModified": "2024-01-24T13:49:03.187",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2024-01-27T01:23:57.087",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -14,11 +14,67 @@
      "value": "Un problema en la mini-app Otakara lapis totuka en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
    }
  ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "NVD-CWE-noinfo"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
+              "matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-44000.md",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-64xx/CVE-2023-6482.json
+++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6482.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-6482",
+  "sourceIdentifier": "PSIRT@synaptics.com",
+  "published": "2024-01-27T01:15:08.033",
+  "lastModified": "2024-01-27T01:15:08.033",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Use of encryption key derived from static information in Synaptics Fingerprint Driver allows \n\nan attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor.\u00a0This may \nallow an attacker, who has physical access to the sensor, to enroll a fingerprint into the \ntemplate database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "PSIRT@synaptics.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.2,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 4.2
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf",
+      "source": "PSIRT@synaptics.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-27T00:55:24.600967+00:00
+2024-01-27T03:00:24.391308+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-27T00:42:46.230000+00:00
+2024-01-27T01:23:57.087000+00:00
 ```

 ### Last Data Feed Release
@ -23,54 +23,27 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2024-01-26T01:00:28.285926+00:00
+2024-01-27T01:00:28.258210+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-236953
+236954
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `1`

-* [CVE-2023-52187](CVE-2023/CVE-2023-521xx/CVE-2023-52187.json) (`2024-01-27T00:15:24.293`)
-* [CVE-2024-22147](CVE-2024/CVE-2024-221xx/CVE-2024-22147.json) (`2024-01-27T00:15:24.567`)
-* [CVE-2024-22283](CVE-2024/CVE-2024-222xx/CVE-2024-22283.json) (`2024-01-27T00:15:24.770`)
-* [CVE-2024-23506](CVE-2024/CVE-2024-235xx/CVE-2024-23506.json) (`2024-01-27T00:15:24.977`)
+* [CVE-2023-6482](CVE-2023/CVE-2023-64xx/CVE-2023-6482.json) (`2024-01-27T01:15:08.033`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `61`
+Recently modified CVEs: `1`

-* [CVE-2024-23890](CVE-2024/CVE-2024-238xx/CVE-2024-23890.json) (`2024-01-27T00:39:55.580`)
-* [CVE-2024-23889](CVE-2024/CVE-2024-238xx/CVE-2024-23889.json) (`2024-01-27T00:39:57.027`)
-* [CVE-2024-23888](CVE-2024/CVE-2024-238xx/CVE-2024-23888.json) (`2024-01-27T00:39:58.610`)
-* [CVE-2024-23887](CVE-2024/CVE-2024-238xx/CVE-2024-23887.json) (`2024-01-27T00:40:00.343`)
-* [CVE-2024-23886](CVE-2024/CVE-2024-238xx/CVE-2024-23886.json) (`2024-01-27T00:40:02.080`)
-* [CVE-2024-23885](CVE-2024/CVE-2024-238xx/CVE-2024-23885.json) (`2024-01-27T00:40:03.627`)
-* [CVE-2024-23884](CVE-2024/CVE-2024-238xx/CVE-2024-23884.json) (`2024-01-27T00:40:05.440`)
-* [CVE-2024-23883](CVE-2024/CVE-2024-238xx/CVE-2024-23883.json) (`2024-01-27T00:40:07.017`)
-* [CVE-2024-23882](CVE-2024/CVE-2024-238xx/CVE-2024-23882.json) (`2024-01-27T00:40:08.750`)
-* [CVE-2024-23881](CVE-2024/CVE-2024-238xx/CVE-2024-23881.json) (`2024-01-27T00:40:10.707`)
-* [CVE-2024-23880](CVE-2024/CVE-2024-238xx/CVE-2024-23880.json) (`2024-01-27T00:40:12.270`)
-* [CVE-2024-23879](CVE-2024/CVE-2024-238xx/CVE-2024-23879.json) (`2024-01-27T00:40:13.847`)
-* [CVE-2024-23878](CVE-2024/CVE-2024-238xx/CVE-2024-23878.json) (`2024-01-27T00:40:15.257`)
-* [CVE-2024-23877](CVE-2024/CVE-2024-238xx/CVE-2024-23877.json) (`2024-01-27T00:40:16.787`)
-* [CVE-2024-23876](CVE-2024/CVE-2024-238xx/CVE-2024-23876.json) (`2024-01-27T00:40:18.700`)
-* [CVE-2024-23875](CVE-2024/CVE-2024-238xx/CVE-2024-23875.json) (`2024-01-27T00:40:21.110`)
-* [CVE-2024-23874](CVE-2024/CVE-2024-238xx/CVE-2024-23874.json) (`2024-01-27T00:40:23.187`)
-* [CVE-2024-0939](CVE-2024/CVE-2024-09xx/CVE-2024-0939.json) (`2024-01-27T00:42:46.230`)
-* [CVE-2024-0941](CVE-2024/CVE-2024-09xx/CVE-2024-0941.json) (`2024-01-27T00:42:46.230`)
-* [CVE-2024-0942](CVE-2024/CVE-2024-09xx/CVE-2024-0942.json) (`2024-01-27T00:42:46.230`)
-* [CVE-2024-0943](CVE-2024/CVE-2024-09xx/CVE-2024-0943.json) (`2024-01-27T00:42:46.230`)
-* [CVE-2024-0944](CVE-2024/CVE-2024-09xx/CVE-2024-0944.json) (`2024-01-27T00:42:46.230`)
-* [CVE-2024-0945](CVE-2024/CVE-2024-09xx/CVE-2024-0945.json) (`2024-01-27T00:42:46.230`)
-* [CVE-2024-0946](CVE-2024/CVE-2024-09xx/CVE-2024-0946.json) (`2024-01-27T00:42:46.230`)
-* [CVE-2024-0948](CVE-2024/CVE-2024-09xx/CVE-2024-0948.json) (`2024-01-27T00:42:46.230`)
+* [CVE-2023-44000](CVE-2023/CVE-2023-440xx/CVE-2023-44000.json) (`2024-01-27T01:23:57.087`)


 ## Download and Usage