diff --git a/CVE-2020/CVE-2020-159xx/CVE-2020-15999.json b/CVE-2020/CVE-2020-159xx/CVE-2020-15999.json index cf56c33bac6..58a6dbbe84e 100644 --- a/CVE-2020/CVE-2020-159xx/CVE-2020-15999.json +++ b/CVE-2020/CVE-2020-159xx/CVE-2020-15999.json @@ -2,7 +2,7 @@ "id": "CVE-2020-15999", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2020-11-03T03:15:14.853", - "lastModified": "2023-11-07T03:18:00.770", + "lastModified": "2024-01-15T14:15:23.853", "vulnStatus": "Modified", "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2021-11-17", @@ -219,6 +219,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202401-19", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2021/dsa-4824", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2021/CVE-2021-369xx/CVE-2021-36978.json b/CVE-2021/CVE-2021-369xx/CVE-2021-36978.json index ec72c392cca..65d772b114b 100644 --- a/CVE-2021/CVE-2021-369xx/CVE-2021-36978.json +++ b/CVE-2021/CVE-2021-369xx/CVE-2021-36978.json @@ -2,7 +2,7 @@ "id": "CVE-2021-36978", "sourceIdentifier": "cve@mitre.org", "published": "2021-07-20T07:15:08.030", - "lastModified": "2023-09-01T16:15:07.650", + "lastModified": "2024-01-15T14:15:24.063", "vulnStatus": "Modified", "descriptions": [ { @@ -132,6 +132,10 @@ { "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html", "source": "cve@mitre.org" + }, + { + "url": "https://security.gentoo.org/glsa/202401-20", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42134.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42134.json new file mode 100644 index 00000000000..70318997c57 --- /dev/null +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42134.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-42134", + "sourceIdentifier": "cvd@cert.pl", + "published": "2024-01-15T14:15:24.190", + "lastModified": "2024-01-15T14:15:24.190", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command.\n\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-912" + } + ] + } + ], + "references": [ + { + "url": "https://blog.stmcyber.com/pax-pos-cves-2023/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/", + "source": "cvd@cert.pl" + }, + { + "url": "https://ppn.paxengine.com/release/development", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42135.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42135.json new file mode 100644 index 00000000000..eb24a048e77 --- /dev/null +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42135.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-42135", + "sourceIdentifier": "cvd@cert.pl", + "published": "2024-01-15T14:15:24.413", + "lastModified": "2024-01-15T14:15:24.413", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. \n\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://blog.stmcyber.com/pax-pos-cves-2023/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/", + "source": "cvd@cert.pl" + }, + { + "url": "https://ppn.paxengine.com/release/development", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42136.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42136.json new file mode 100644 index 00000000000..7c85b3088e0 --- /dev/null +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42136.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-42136", + "sourceIdentifier": "cvd@cert.pl", + "published": "2024-01-15T14:15:24.670", + "lastModified": "2024-01-15T14:15:24.670", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word.\n\n\n\n\nThe attacker must have shell access to the device in order to exploit this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://blog.stmcyber.com/pax-pos-cves-2023/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/", + "source": "cvd@cert.pl" + }, + { + "url": "https://ppn.paxengine.com/release/development", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42137.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42137.json new file mode 100644 index 00000000000..f83fda30ae8 --- /dev/null +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42137.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-42137", + "sourceIdentifier": "cvd@cert.pl", + "published": "2024-01-15T14:15:24.900", + "lastModified": "2024-01-15T14:15:24.900", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.\n\n\n\n\nThe attacker must have shell access to the device in order to exploit this vulnerability. \n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://blog.stmcyber.com/pax-pos-cves-2023/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/", + "source": "cvd@cert.pl" + }, + { + "url": "https://ppn.paxengine.com/release/development", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45853.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45853.json index ea399823436..40ca3bbf6c3 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45853.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45853.json @@ -2,7 +2,7 @@ "id": "CVE-2023-45853", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-14T02:15:09.323", - "lastModified": "2023-12-16T23:15:40.647", + "lastModified": "2024-01-15T14:15:25.077", "vulnStatus": "Modified", "descriptions": [ { @@ -112,6 +112,10 @@ "url": "https://pypi.org/project/pyminizip/#history", "source": "cve@mitre.org" }, + { + "url": "https://security.gentoo.org/glsa/202401-18", + "source": "cve@mitre.org" + }, { "url": "https://security.netapp.com/advisory/ntap-20231130-0009/", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4818.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4818.json new file mode 100644 index 00000000000..946ddf44b9a --- /dev/null +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4818.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2023-4818", + "sourceIdentifier": "cvd@cert.pl", + "published": "2024-01-15T14:15:25.180", + "lastModified": "2024-01-15T14:15:25.180", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.\u00a0\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://blog.stmcyber.com/pax-pos-cves-2023/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/", + "source": "cvd@cert.pl" + }, + { + "url": "https://ppn.paxengine.com/release/development", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0252.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0252.json index bc845f54c5f..0b007312590 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0252.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0252.json @@ -2,12 +2,12 @@ "id": "CVE-2024-0252", "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "published": "2024-01-11T08:15:35.933", - "lastModified": "2024-01-11T13:57:26.160", + "lastModified": "2024-01-15T14:15:25.260", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "ManageEngine ADSelfService Plus versions\u00a06401\u00a0and below are vulnerable to the remote code execution due to the improper handling in the load balancer component." + "value": "ManageEngine ADSelfService Plus versions\u00a06401\u00a0and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20709.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20709.json new file mode 100644 index 00000000000..e8a2736ca48 --- /dev/null +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20709.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20709", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-01-15T13:15:07.940", + "lastModified": "2024-01-15T13:15:07.940", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20721.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20721.json new file mode 100644 index 00000000000..07f6f55f8fb --- /dev/null +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20721.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-20721", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-01-15T13:15:08.183", + "lastModified": "2024-01-15T13:15:08.183", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 7ea710b28bb..6c29e9e4938 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-15T13:00:25.127058+00:00 +2024-01-15T15:00:24.615603+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-15T12:15:43.400000+00:00 +2024-01-15T14:15:25.260000+00:00 ``` ### Last Data Feed Release @@ -29,23 +29,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -235902 +235909 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `7` -* [CVE-2023-46226](CVE-2023/CVE-2023-462xx/CVE-2023-46226.json) (`2024-01-15T11:15:07.963`) -* [CVE-2023-5253](CVE-2023/CVE-2023-52xx/CVE-2023-5253.json) (`2024-01-15T11:15:08.627`) -* [CVE-2023-4001](CVE-2023/CVE-2023-40xx/CVE-2023-4001.json) (`2024-01-15T11:15:08.270`) +* [CVE-2023-42134](CVE-2023/CVE-2023-421xx/CVE-2023-42134.json) (`2024-01-15T14:15:24.190`) +* [CVE-2023-42135](CVE-2023/CVE-2023-421xx/CVE-2023-42135.json) (`2024-01-15T14:15:24.413`) +* [CVE-2023-42136](CVE-2023/CVE-2023-421xx/CVE-2023-42136.json) (`2024-01-15T14:15:24.670`) +* [CVE-2023-42137](CVE-2023/CVE-2023-421xx/CVE-2023-42137.json) (`2024-01-15T14:15:24.900`) +* [CVE-2023-4818](CVE-2023/CVE-2023-48xx/CVE-2023-4818.json) (`2024-01-15T14:15:25.180`) +* [CVE-2024-20709](CVE-2024/CVE-2024-207xx/CVE-2024-20709.json) (`2024-01-15T13:15:07.940`) +* [CVE-2024-20721](CVE-2024/CVE-2024-207xx/CVE-2024-20721.json) (`2024-01-15T13:15:08.183`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `4` -* [CVE-2023-6129](CVE-2023/CVE-2023-61xx/CVE-2023-6129.json) (`2024-01-15T12:15:43.400`) +* [CVE-2020-15999](CVE-2020/CVE-2020-159xx/CVE-2020-15999.json) (`2024-01-15T14:15:23.853`) +* [CVE-2021-36978](CVE-2021/CVE-2021-369xx/CVE-2021-36978.json) (`2024-01-15T14:15:24.063`) +* [CVE-2023-45853](CVE-2023/CVE-2023-458xx/CVE-2023-45853.json) (`2024-01-15T14:15:25.077`) +* [CVE-2024-0252](CVE-2024/CVE-2024-02xx/CVE-2024-0252.json) (`2024-01-15T14:15:25.260`) ## Download and Usage