Auto-Update: 2025-03-27T09:00:19.778016+00:00

2025-06-21 17:41:05 +00:00 · 2025-03-27 09:03:51 +00:00 · 2025-03-27 09:03:51 +00:00 · d2b14a0cba
commit d2b14a0cba
parent f9eaa3d66b
8 changed files with 312 additions and 15 deletions
--- a/CVE-2024/CVE-2024-453xx/CVE-2024-45346.json
+++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45346.json
@ -2,13 +2,13 @@
  "id": "CVE-2024-45346",
  "sourceIdentifier": "security@xiaomi.com",
  "published": "2024-08-28T07:15:08.823",
-  "lastModified": "2025-03-14T17:15:47.590",
+  "lastModified": "2025-03-27T07:15:37.187",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
-      "value": "A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code."
+      "value": "The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life."
    },
    {
      "lang": "es",
@ -40,6 +40,16 @@
    ]
  },
  "weaknesses": [
+    {
+      "source": "security@xiaomi.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-287"
+        }
+      ]
+    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
--- a/CVE-2024/CVE-2024-453xx/CVE-2024-45353.json
+++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45353.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-45353",
+  "sourceIdentifier": "security@xiaomi.com",
+  "published": "2025-03-27T07:15:38.373",
+  "lastModified": "2025-03-27T07:15:38.373",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An intent redriction vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers tointent redriction."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@xiaomi.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@xiaomi.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-346"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=551",
+      "source": "security@xiaomi.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-453xx/CVE-2024-45354.json
+++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45354.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-45354",
+  "sourceIdentifier": "security@xiaomi.com",
+  "published": "2025-03-27T07:15:38.507",
+  "lastModified": "2025-03-27T07:15:38.507",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@xiaomi.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@xiaomi.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-346"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=552",
+      "source": "security@xiaomi.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-453xx/CVE-2024-45355.json
+++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45355.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-45355",
+  "sourceIdentifier": "security@xiaomi.com",
+  "published": "2025-03-27T07:15:38.623",
+  "lastModified": "2025-03-27T07:15:38.623",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@xiaomi.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@xiaomi.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-306"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=553",
+      "source": "security@xiaomi.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-453xx/CVE-2024-45356.json
+++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45356.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-45356",
+  "sourceIdentifier": "security@xiaomi.com",
+  "published": "2025-03-27T08:15:16.297",
+  "lastModified": "2025-03-27T08:15:16.297",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@xiaomi.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@xiaomi.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-306"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=554",
+      "source": "security@xiaomi.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-453xx/CVE-2024-45361.json
+++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45361.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-45361",
+  "sourceIdentifier": "security@xiaomi.com",
+  "published": "2025-03-27T08:15:17.263",
+  "lastModified": "2025-03-27T08:15:17.263",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@xiaomi.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@xiaomi.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-319"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=558",
+      "source": "security@xiaomi.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-03-27T07:00:20.093969+00:00
+2025-03-27T09:00:19.778016+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-03-27T06:15:29.720000+00:00
+2025-03-27T08:15:17.263000+00:00
 ```

 ### Last Data Feed Release
@ -33,23 +33,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-286758
+286763
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `5`

- [CVE-2025-0273](CVE-2025/CVE-2025-02xx/CVE-2025-0273.json) (`2025-03-27T05:15:38.237`)
- [CVE-2025-2332](CVE-2025/CVE-2025-23xx/CVE-2025-2332.json) (`2025-03-27T06:15:28.180`)
- [CVE-2025-2685](CVE-2025/CVE-2025-26xx/CVE-2025-2685.json) (`2025-03-27T06:15:29.550`)
+- [CVE-2024-45353](CVE-2024/CVE-2024-453xx/CVE-2024-45353.json) (`2025-03-27T07:15:38.373`)
+- [CVE-2024-45354](CVE-2024/CVE-2024-453xx/CVE-2024-45354.json) (`2025-03-27T07:15:38.507`)
+- [CVE-2024-45355](CVE-2024/CVE-2024-453xx/CVE-2024-45355.json) (`2025-03-27T07:15:38.623`)
+- [CVE-2024-45356](CVE-2024/CVE-2024-453xx/CVE-2024-45356.json) (`2025-03-27T08:15:16.297`)
+- [CVE-2024-45361](CVE-2024/CVE-2024-453xx/CVE-2024-45361.json) (`2025-03-27T08:15:17.263`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `1`

- [CVE-2025-2720](CVE-2025/CVE-2025-27xx/CVE-2025-2720.json) (`2025-03-27T06:15:29.720`)
+- [CVE-2024-45346](CVE-2024/CVE-2024-453xx/CVE-2024-45346.json) (`2025-03-27T07:15:37.187`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -268420,12 +268420,17 @@ CVE-2024-45342,0,0,a4a31e9769756ae24649b74b18bd2d95ae5ebb0482440ad62570ce13c5ec4
 CVE-2024-45343,0,0,318ff9ada4e764bd6c635c00720e7b9030062bb890baf82a7e3f16a4a83b72fb,2025-01-08T20:15:27.690000
 CVE-2024-45344,0,0,af604bd20c17ff15fecd0779ea006a02560ba533390f654e0b99f1b752eeb5b0,2025-01-08T20:15:27.753000
 CVE-2024-45345,0,0,4e5002e5dc81035c1af4e238f5f319df35e1e7454ff3bb9f51dea50624303a65,2025-01-08T20:15:27.843000
-CVE-2024-45346,0,0,556b0325369db812da5d3ca351593663eeefcc15146e049af11d00d6b0f23de3,2025-03-14T17:15:47.590000
+CVE-2024-45346,0,1,e23e79f56e8bad36ff7aebdfbd79808ea9fa8bd6f2e4387d68d4b0be5a359215,2025-03-27T07:15:37.187000
 CVE-2024-45348,0,0,1e1db77a5a16312aa537fb47b5ac485ad4a9ec1edf7b08e9d1addf2cc98471e9,2024-11-25T17:14:11.713000
 CVE-2024-4535,0,0,78f0543f36f54882e03e81f0faf12704615c89d5497f070efb8f0b2a49e7c790,2025-03-25T15:15:23.147000
 CVE-2024-45351,0,0,9798bc02eb0ba83db1ec479e2565390e6f6e7ab4d219551bf7245075b78bfee8,2025-03-26T14:15:31.457000
 CVE-2024-45352,0,0,de7c306e0645174ec78d434495a14130b165ebf334e095efc8cf412f3b8d78ad,2025-03-27T02:15:15.873000
+CVE-2024-45353,1,1,f8afacccc640972e6c1b38d048f96dc51529992f3ae21626beeac46090696d32,2025-03-27T07:15:38.373000
+CVE-2024-45354,1,1,7c90111e1c751fc9fa055c8c8ea15ff4091f036ff1ec808b1c4e4283c7140444,2025-03-27T07:15:38.507000
+CVE-2024-45355,1,1,3e5edc80d642adfd4fa6967dd356b90a54b44a922a4b0457ced66ec58892b5f0,2025-03-27T07:15:38.623000
+CVE-2024-45356,1,1,6d23b1c73b04a4dcd1d83e18e331cfa2dc49ad3717e22d310d9adba515b2be3f,2025-03-27T08:15:16.297000
 CVE-2024-4536,0,0,d554a9fba63153c422b87ae2d4b0219537ca1cbc00fd943074006c5d6a843426,2025-02-06T17:32:48.777000
+CVE-2024-45361,1,1,787d5e57a566499f7931c3bbb44b88f95f21a2c68b4ed3b66ada83c94d0b6078,2025-03-27T08:15:17.263000
 CVE-2024-45366,0,0,d13f4b03dcbe654ea752888fe69e44580333b063ff67391732408feaba64beb9,2024-11-05T22:35:10.920000
 CVE-2024-45367,0,0,64e84bc9ed60e849e1ae71705aae4a59b4ff0cb910f064adb8ff87e0d48d255e,2024-10-04T13:50:43.727000
 CVE-2024-45368,0,0,25667bc7c124707859d40d5c6774ea2bc90601e6c98766cdc8f3cc6d89f039b0,2024-09-14T11:47:14.677000
@ -281018,7 +281023,7 @@ CVE-2025-0247,0,0,0125f498ef227ebc436135b5d9339a763bd05ec1f3a6e4d4fb60e8d0a95246
 CVE-2025-0254,0,0,c0b515e46d918691acf880cf7e48dd1484bbbda9200e70d05e0bbba9fd762e5a,2025-03-20T15:15:45.030000
 CVE-2025-0255,0,0,3fab53593e373476dec25ea98efac6a50ee9c169df0e4e782c6042750dfe8201,2025-03-24T17:15:20.110000
 CVE-2025-0256,0,0,6d2f8ecb854253b9537e5474f340bfbfe8c72c3610ca9a2b4b15a333ada88189,2025-03-24T16:15:33.120000
-CVE-2025-0273,1,1,053bb3adf17084392c34453326f69ac62bcb8da838edcd7fd0cf464f9b6c64fd,2025-03-27T05:15:38.237000
+CVE-2025-0273,0,0,053bb3adf17084392c34453326f69ac62bcb8da838edcd7fd0cf464f9b6c64fd,2025-03-27T05:15:38.237000
 CVE-2025-0281,0,0,3eed2c9ac115be61f8948fe5ec86ee9cb61bbdd7dd3b065a4b62fe68aa7cd3a6,2025-03-20T10:15:52.153000
 CVE-2025-0282,0,0,0b79992968afdfd3dca90a89278588bc0fa8213f971654a2b0fa6c3c0b74907e,2025-03-17T19:24:45.253000
 CVE-2025-0283,0,0,170559952a9515dd5478b031ee87167014dac9ea49e5e0d222b13defbaf7dddd,2025-01-14T15:58:55.813000
@ -283810,7 +283815,7 @@ CVE-2025-23243,0,0,d341dee54207e76092fa73545c292abf7fbfda4eb6567d84dd5238ba2f02d
 CVE-2025-2325,0,0,13c6f3c24dd300d81977cebacc098db98e57b148c37ef530d50f5e2edd70e656,2025-03-25T20:07:03.383000
 CVE-2025-2326,0,0,0ec0c28e6b995dc182a44a080592df606d562ca954869d7753960c79a6ff321c,2025-03-24T15:15:16.830000
 CVE-2025-2331,0,0,b072726b3afe477229f13ce6fa12da5840fde8f6531f821787ad2abd1eb769a5,2025-03-22T12:15:26.833000
-CVE-2025-2332,1,1,f84ef07841c06cdb5162f57390e5f69deac4138a0b985d96eed004c20e47df09,2025-03-27T06:15:28.180000
+CVE-2025-2332,0,0,f84ef07841c06cdb5162f57390e5f69deac4138a0b985d96eed004c20e47df09,2025-03-27T06:15:28.180000
 CVE-2025-2333,0,0,600470717f73ae989a4e33407be9c331e6223c6ec027e4a7c73886df7950cb72,2025-03-15T12:15:12.610000
 CVE-2025-2334,0,0,af1cfc1613b38618f43c910beb17815194cac4ddb461c16fb47f2aba7d734581,2025-03-17T16:15:27.017000
 CVE-2025-2335,0,0,833479a18c8a0594376e23428e7b5d0c44e7fee9fa697872f4bc27a1568d612e,2025-03-16T03:15:37.907000
@ -285860,7 +285865,7 @@ CVE-2025-2682,0,0,1f6afc395b3a492c46c222208c54c66658c9b287b6a7e8da79cfea7bd2f453
 CVE-2025-2683,0,0,a759cb622c186e5ad7f30a0bb59fac5800c590e753e145696b1b93fbab75a2b8,2025-03-24T17:28:23.250000
 CVE-2025-2684,0,0,ef7fe32b633d58e8842d7273a41eaa92267e238e2f87fb8a09c71c6bcb6395c6,2025-03-24T17:18:54.283000
 CVE-2025-26849,0,0,b01e97de5d13c5e322817bb01db0ae13a4e34f402b7f75a8f8b8da54efb28ebd,2025-03-05T04:15:12.367000
-CVE-2025-2685,1,1,34cb3f4958b0de0496ce28a7a2aa3f8b620a89c0e5121b7e914601f5e55deb51,2025-03-27T06:15:29.550000
+CVE-2025-2685,0,0,34cb3f4958b0de0496ce28a7a2aa3f8b620a89c0e5121b7e914601f5e55deb51,2025-03-27T06:15:29.550000
 CVE-2025-26852,0,0,2707ef116e0a8759e131a6023189e00959d2ed7f9f20771b9754d1022251ac18,2025-03-25T13:15:40.793000
 CVE-2025-26853,0,0,6b301532c9f4b450159f96198c19fbcde47cc6cc13f1c0fca54f5cb5b2c817ef,2025-03-20T21:15:23.550000
 CVE-2025-26856,0,0,7824298cfc11aa81d23219a23487dd842dd5c11d44f90723ef1786188c90cd64,2025-02-20T06:15:21.673000
@ -286057,7 +286062,7 @@ CVE-2025-27178,0,0,c0d88664738e20e92964f976914afee130c9a89aa0dbea09624f6f217ab10
 CVE-2025-27179,0,0,e658b366f7a3b06f1476082709f4a4e62efd35013484c2cf080c38676d042480,2025-03-11T18:15:36.353000
 CVE-2025-27180,0,0,b19084cbc983aa321eeb856e49b47a1e72dbe787bf6a8284a3874ff61419d220,2025-03-11T21:15:42.463000
 CVE-2025-27181,0,0,a6a9ce63b284d6ceeb21e9a4def4af91dd2ed31fd65fd783300575a45140db01,2025-03-11T21:15:42.613000
-CVE-2025-2720,0,1,9ae0525d8f85a05348d1159e71fc380adf3a8b9852bd68a0d6d2a49136b12cab,2025-03-27T06:15:29.720000
+CVE-2025-2720,0,0,9ae0525d8f85a05348d1159e71fc380adf3a8b9852bd68a0d6d2a49136b12cab,2025-03-27T06:15:29.720000
 CVE-2025-2721,0,0,5688fc3e066f588e94732819cfc733473401dc2843aa1ba44705983c628154fc,2025-03-25T00:15:15.693000
 CVE-2025-27218,0,0,a1f84aab7c20671025069586dc6eda2e424af576b61d56df1ec2458e5aa40a25,2025-02-20T21:15:26.510000
 CVE-2025-27219,0,0,daf263bc5dc335c24b10a63de4b30bc2cd803d7c7b13164f0156e1db3a4313a5,2025-03-05T14:08:20.493000