Auto-Update: 2024-01-15T15:00:24.615603+00:00

CVE-2020/CVE-2020-159xx/CVE-2020-15999.json

@@ -2,7 +2,7 @@
   "id": "CVE-2020-15999",
   "sourceIdentifier": "chrome-cve-admin@google.com",
   "published": "2020-11-03T03:15:14.853",
-  "lastModified": "2023-11-07T03:18:00.770",
+  "lastModified": "2024-01-15T14:15:23.853",
   "vulnStatus": "Modified",
   "cisaExploitAdd": "2021-11-03",
   "cisaActionDue": "2021-11-17",
@@ -219,6 +219,10 @@
         "Third Party Advisory"
       ]
     },
+    {
+      "url": "https://security.gentoo.org/glsa/202401-19",
+      "source": "chrome-cve-admin@google.com"
+    },
     {
       "url": "https://www.debian.org/security/2021/dsa-4824",
       "source": "chrome-cve-admin@google.com",

CVE-2021/CVE-2021-369xx/CVE-2021-36978.json

@@ -2,7 +2,7 @@
   "id": "CVE-2021-36978",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2021-07-20T07:15:08.030",
-  "lastModified": "2023-09-01T16:15:07.650",
+  "lastModified": "2024-01-15T14:15:24.063",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -132,6 +132,10 @@
     {
       "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html",
       "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://security.gentoo.org/glsa/202401-20",
+      "source": "cve@mitre.org"
     }
   ]
 }

CVE-2023/CVE-2023-421xx/CVE-2023-42134.json

@@ -0,0 +1,67 @@
+{
+  "id": "CVE-2023-42134",
+  "sourceIdentifier": "cvd@cert.pl",
+  "published": "2024-01-15T14:15:24.190",
+  "lastModified": "2024-01-15T14:15:24.190",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command.\n\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cvd@cert.pl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cvd@cert.pl",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-912"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://blog.stmcyber.com/pax-pos-cves-2023/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://ppn.paxengine.com/release/development",
+      "source": "cvd@cert.pl"
+    }
+  ]
+}

CVE-2023/CVE-2023-421xx/CVE-2023-42135.json

@@ -0,0 +1,67 @@
+{
+  "id": "CVE-2023-42135",
+  "sourceIdentifier": "cvd@cert.pl",
+  "published": "2024-01-15T14:15:24.413",
+  "lastModified": "2024-01-15T14:15:24.413",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. \n\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cvd@cert.pl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cvd@cert.pl",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://blog.stmcyber.com/pax-pos-cves-2023/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://ppn.paxengine.com/release/development",
+      "source": "cvd@cert.pl"
+    }
+  ]
+}

CVE-2023/CVE-2023-421xx/CVE-2023-42136.json

@@ -0,0 +1,67 @@
+{
+  "id": "CVE-2023-42136",
+  "sourceIdentifier": "cvd@cert.pl",
+  "published": "2024-01-15T14:15:24.670",
+  "lastModified": "2024-01-15T14:15:24.670",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word.\n\n\n\n\nThe attacker must have shell access to the device in order to exploit this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cvd@cert.pl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cvd@cert.pl",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://blog.stmcyber.com/pax-pos-cves-2023/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://ppn.paxengine.com/release/development",
+      "source": "cvd@cert.pl"
+    }
+  ]
+}

CVE-2023/CVE-2023-421xx/CVE-2023-42137.json

@@ -0,0 +1,67 @@
+{
+  "id": "CVE-2023-42137",
+  "sourceIdentifier": "cvd@cert.pl",
+  "published": "2024-01-15T14:15:24.900",
+  "lastModified": "2024-01-15T14:15:24.900",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.\n\n\n\n\nThe attacker must have shell access to the device in order to exploit this vulnerability. \n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cvd@cert.pl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cvd@cert.pl",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://blog.stmcyber.com/pax-pos-cves-2023/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://ppn.paxengine.com/release/development",
+      "source": "cvd@cert.pl"
+    }
+  ]
+}

CVE-2023/CVE-2023-458xx/CVE-2023-45853.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-45853",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-10-14T02:15:09.323",
-  "lastModified": "2023-12-16T23:15:40.647",
+  "lastModified": "2024-01-15T14:15:25.077",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -112,6 +112,10 @@
       "url": "https://pypi.org/project/pyminizip/#history",
       "source": "cve@mitre.org"
     },
+    {
+      "url": "https://security.gentoo.org/glsa/202401-18",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://security.netapp.com/advisory/ntap-20231130-0009/",
       "source": "cve@mitre.org"

CVE-2023/CVE-2023-48xx/CVE-2023-4818.json

@@ -0,0 +1,44 @@
+{
+  "id": "CVE-2023-4818",
+  "sourceIdentifier": "cvd@cert.pl",
+  "published": "2024-01-15T14:15:25.180",
+  "lastModified": "2024-01-15T14:15:25.180",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.\u00a0\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "cvd@cert.pl",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://blog.stmcyber.com/pax-pos-cves-2023/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://ppn.paxengine.com/release/development",
+      "source": "cvd@cert.pl"
+    }
+  ]
+}

CVE-2024/CVE-2024-02xx/CVE-2024-0252.json

@@ -2,12 +2,12 @@
   "id": "CVE-2024-0252",
   "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
   "published": "2024-01-11T08:15:35.933",
-  "lastModified": "2024-01-11T13:57:26.160",
+  "lastModified": "2024-01-15T14:15:25.260",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
-      "value": "ManageEngine ADSelfService Plus versions\u00a06401\u00a0and below are vulnerable to the remote code execution due to the improper handling in the load balancer component."
+      "value": "ManageEngine ADSelfService Plus versions\u00a06401\u00a0and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability."
     },
     {
       "lang": "es",

CVE-2024/CVE-2024-207xx/CVE-2024-20709.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-20709",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2024-01-15T13:15:07.940",
+  "lastModified": "2024-01-15T13:15:07.940",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-207xx/CVE-2024-20721.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-20721",
+  "sourceIdentifier": "psirt@adobe.com",
+  "published": "2024-01-15T13:15:08.183",
+  "lastModified": "2024-01-15T13:15:08.183",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@adobe.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@adobe.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721",
+      "source": "psirt@adobe.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-01-15T13:00:25.127058+00:00
+2024-01-15T15:00:24.615603+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-01-15T12:15:43.400000+00:00
+2024-01-15T14:15:25.260000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,23 +29,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-235902
+235909
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `7`
 
-* [CVE-2023-46226](CVE-2023/CVE-2023-462xx/CVE-2023-46226.json) (`2024-01-15T11:15:07.963`)
-* [CVE-2023-5253](CVE-2023/CVE-2023-52xx/CVE-2023-5253.json) (`2024-01-15T11:15:08.627`)
-* [CVE-2023-4001](CVE-2023/CVE-2023-40xx/CVE-2023-4001.json) (`2024-01-15T11:15:08.270`)
+* [CVE-2023-42134](CVE-2023/CVE-2023-421xx/CVE-2023-42134.json) (`2024-01-15T14:15:24.190`)
+* [CVE-2023-42135](CVE-2023/CVE-2023-421xx/CVE-2023-42135.json) (`2024-01-15T14:15:24.413`)
+* [CVE-2023-42136](CVE-2023/CVE-2023-421xx/CVE-2023-42136.json) (`2024-01-15T14:15:24.670`)
+* [CVE-2023-42137](CVE-2023/CVE-2023-421xx/CVE-2023-42137.json) (`2024-01-15T14:15:24.900`)
+* [CVE-2023-4818](CVE-2023/CVE-2023-48xx/CVE-2023-4818.json) (`2024-01-15T14:15:25.180`)
+* [CVE-2024-20709](CVE-2024/CVE-2024-207xx/CVE-2024-20709.json) (`2024-01-15T13:15:07.940`)
+* [CVE-2024-20721](CVE-2024/CVE-2024-207xx/CVE-2024-20721.json) (`2024-01-15T13:15:08.183`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `4`
 
-* [CVE-2023-6129](CVE-2023/CVE-2023-61xx/CVE-2023-6129.json) (`2024-01-15T12:15:43.400`)
+* [CVE-2020-15999](CVE-2020/CVE-2020-159xx/CVE-2020-15999.json) (`2024-01-15T14:15:23.853`)
+* [CVE-2021-36978](CVE-2021/CVE-2021-369xx/CVE-2021-36978.json) (`2024-01-15T14:15:24.063`)
+* [CVE-2023-45853](CVE-2023/CVE-2023-458xx/CVE-2023-45853.json) (`2024-01-15T14:15:25.077`)
+* [CVE-2024-0252](CVE-2024/CVE-2024-02xx/CVE-2024-0252.json) (`2024-01-15T14:15:25.260`)
 
 
 ## Download and Usage