Auto-Update: 2024-01-26T09:00:24.760680+00:00

2025-07-09 16:05:11 +00:00 · 2024-01-26 09:00:28 +00:00 · 2024-01-26 09:00:28 +00:00 · d658a8640e
commit d658a8640e
parent bd560e8733
13 changed files with 292 additions and 10 deletions
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48126.json
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48126.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-48126",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T07:15:56.110",
+  "lastModified": "2024-01-26T07:15:56.110",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/syz913/CVE-reports/blob/main/Luxe%20Beauty%20Clinic.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48127.json
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48127.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-48127",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T07:15:56.860",
+  "lastModified": "2024-01-26T07:15:56.860",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/syz913/CVE-reports/blob/main/myGAKUYA.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48128.json
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48128.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-48128",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T07:15:57.120",
+  "lastModified": "2024-01-26T07:15:57.120",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/syz913/CVE-reports/blob/main/UNITED%20BOXING%20GYM.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48129.json
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48129.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-48129",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T08:15:42.070",
+  "lastModified": "2024-01-26T08:15:42.070",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/syz913/CVE-reports/blob/main/kimono-oldnew.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48130.json
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48130.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-48130",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T07:15:57.447",
+  "lastModified": "2024-01-26T07:15:57.447",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/syz913/CVE-reports/blob/main/GINZA%20CAFE.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48131.json
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48131.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-48131",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T07:15:57.917",
+  "lastModified": "2024-01-26T07:15:57.917",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/syz913/CVE-reports/blob/main/CHIGASAKI%20BAKERY.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48132.json
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48132.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-48132",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T07:15:58.333",
+  "lastModified": "2024-01-26T07:15:58.333",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/syz913/CVE-reports/blob/main/esportsstudioLegends.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48133.json
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48133.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-48133",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T07:15:58.693",
+  "lastModified": "2024-01-26T07:15:58.693",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/syz913/CVE-reports/blob/main/angel%20coffee.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48135.json
+++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48135.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-48135",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T07:15:58.987",
+  "lastModified": "2024-01-26T07:15:58.987",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/syz913/CVE-reports/blob/main/mimasaka_farm.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-69xx/CVE-2023-6919.json
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6919.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-6919",
+  "sourceIdentifier": "iletisim@usom.gov.tr",
+  "published": "2024-01-26T08:15:42.203",
+  "lastModified": "2024-01-26T08:15:42.203",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "iletisim@usom.gov.tr",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "iletisim@usom.gov.tr",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-25"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.usom.gov.tr/bildirim/tr-24-0054",
+      "source": "iletisim@usom.gov.tr"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-225xx/CVE-2024-22545.json
+++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22545.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-22545",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T08:15:42.480",
+  "lastModified": "2024-01-26T08:15:42.480",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "TRENDnet TEW-824DRU version 1.04b01 is vulnerable to Command Injection via the system.ntp.server in the sub_420AE0() function."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://warp-desk-89d.notion.site/TEW-824DRU-e7228d462ce24fa1a9fecb0bee57caad",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-233xx/CVE-2024-23388.json
+++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23388.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-23388",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-01-26T07:15:59.320",
+  "lastModified": "2024-01-26T07:15:59.320",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper authorization in handler for custom URL scheme issue in \"Mercari\" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN70818619/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-26T07:00:24.434679+00:00
+2024-01-26T09:00:24.760680+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-26T05:15:12.203000+00:00
+2024-01-26T08:15:42.480000+00:00
 ```

 ### Last Data Feed Release
@ -29,24 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-236857
+236869
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `12`

-* [CVE-2023-38317](CVE-2023/CVE-2023-383xx/CVE-2023-38317.json) (`2024-01-26T05:15:11.553`)
-* [CVE-2023-38318](CVE-2023/CVE-2023-383xx/CVE-2023-38318.json) (`2024-01-26T05:15:11.970`)
-* [CVE-2023-38319](CVE-2023/CVE-2023-383xx/CVE-2023-38319.json) (`2024-01-26T05:15:12.063`)
-* [CVE-2023-38323](CVE-2023/CVE-2023-383xx/CVE-2023-38323.json) (`2024-01-26T05:15:12.130`)
+* [CVE-2023-48126](CVE-2023/CVE-2023-481xx/CVE-2023-48126.json) (`2024-01-26T07:15:56.110`)
+* [CVE-2023-48127](CVE-2023/CVE-2023-481xx/CVE-2023-48127.json) (`2024-01-26T07:15:56.860`)
+* [CVE-2023-48128](CVE-2023/CVE-2023-481xx/CVE-2023-48128.json) (`2024-01-26T07:15:57.120`)
+* [CVE-2023-48130](CVE-2023/CVE-2023-481xx/CVE-2023-48130.json) (`2024-01-26T07:15:57.447`)
+* [CVE-2023-48131](CVE-2023/CVE-2023-481xx/CVE-2023-48131.json) (`2024-01-26T07:15:57.917`)
+* [CVE-2023-48132](CVE-2023/CVE-2023-481xx/CVE-2023-48132.json) (`2024-01-26T07:15:58.333`)
+* [CVE-2023-48133](CVE-2023/CVE-2023-481xx/CVE-2023-48133.json) (`2024-01-26T07:15:58.693`)
+* [CVE-2023-48135](CVE-2023/CVE-2023-481xx/CVE-2023-48135.json) (`2024-01-26T07:15:58.987`)
+* [CVE-2023-48129](CVE-2023/CVE-2023-481xx/CVE-2023-48129.json) (`2024-01-26T08:15:42.070`)
+* [CVE-2023-6919](CVE-2023/CVE-2023-69xx/CVE-2023-6919.json) (`2024-01-26T08:15:42.203`)
+* [CVE-2024-23388](CVE-2024/CVE-2024-233xx/CVE-2024-23388.json) (`2024-01-26T07:15:59.320`)
+* [CVE-2024-22545](CVE-2024/CVE-2024-225xx/CVE-2024-22545.json) (`2024-01-26T08:15:42.480`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

-* [CVE-2023-38324](CVE-2023/CVE-2023-383xx/CVE-2023-38324.json) (`2024-01-26T05:15:12.203`)


 ## Download and Usage