Auto-Update: 2024-12-17T05:00:31.582484+00:00

2025-07-11 16:13:34 +00:00 · 2024-12-17 05:03:54 +00:00 · 2024-12-17 05:03:54 +00:00 · 080c4b3ea1
commit 080c4b3ea1
parent 4f3dee045e
7 changed files with 302 additions and 11 deletions
--- a/CVE-2020/CVE-2020-124xx/CVE-2020-12484.json
+++ b/CVE-2020/CVE-2020-124xx/CVE-2020-12484.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2020-12484",
  "sourceIdentifier": "security@vivo.com",
  "published": "2024-12-17T03:15:05.613",
  "lastModified": "2024-12-17T03:15:05.613",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@vivo.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@vivo.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.vivo.com/en/support/security-advisory-detail?id=3",
      "source": "security@vivo.com"
    }
  ]
 }
--- a/CVE-2020/CVE-2020-124xx/CVE-2020-12487.json
+++ b/CVE-2020/CVE-2020-124xx/CVE-2020-12487.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2020-12487",
  "sourceIdentifier": "security@vivo.com",
  "published": "2024-12-17T03:15:06.453",
  "lastModified": "2024-12-17T03:15:06.453",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@vivo.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "attackVector": "PHYSICAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.8
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@vivo.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.vivo.com/en/support/security-advisory-detail?id=4",
      "source": "security@vivo.com"
    }
  ]
 }
--- a/CVE-2021/CVE-2021-262xx/CVE-2021-26278.json
+++ b/CVE-2021/CVE-2021-262xx/CVE-2021-26278.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2021-26278",
  "sourceIdentifier": "security@vivo.com",
  "published": "2024-12-17T03:15:06.573",
  "lastModified": "2024-12-17T03:15:06.573",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@vivo.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@vivo.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.vivo.com/en/support/security-advisory-detail?id=7",
      "source": "security@vivo.com"
    }
  ]
 }
--- a/CVE-2021/CVE-2021-262xx/CVE-2021-26279.json
+++ b/CVE-2021/CVE-2021-262xx/CVE-2021-26279.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2021-26279",
  "sourceIdentifier": "security@vivo.com",
  "published": "2024-12-17T04:15:05.333",
  "lastModified": "2024-12-17T04:15:05.333",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some parameters of the weather module are improperly stored, leaking some sensitive information."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@vivo.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@vivo.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.vivo.com/en/support/security-advisory-detail?id=10",
      "source": "security@vivo.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-122xx/CVE-2024-12239.json
+++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12239.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2024-12239",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-12-17T03:15:06.710",
  "lastModified": "2024-12-17T03:15:06.710",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/powerpack-addon-for-beaver-builder/trunk/includes/admin-settings-templates.php#L62",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5138ed4c-3e9c-45da-917e-e8d8396a62f1?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-12-17T03:00:29.987705+00:00
+2024-12-17T05:00:31.582484+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-12-17T02:15:04.670000+00:00
+2024-12-17T04:15:05.333000+00:00
 ```
 ### Last Data Feed Release
@ -33,22 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-274096
+274101
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `1`
+Recently added CVEs: `5`
- [CVE-2024-10205](CVE-2024/CVE-2024-102xx/CVE-2024-10205.json) (`2024-12-17T02:15:04.670`)
+- [CVE-2020-12484](CVE-2020/CVE-2020-124xx/CVE-2020-12484.json) (`2024-12-17T03:15:05.613`)
 - [CVE-2020-12487](CVE-2020/CVE-2020-124xx/CVE-2020-12487.json) (`2024-12-17T03:15:06.453`)
 - [CVE-2021-26278](CVE-2021/CVE-2021-262xx/CVE-2021-26278.json) (`2024-12-17T03:15:06.573`)
 - [CVE-2021-26279](CVE-2021/CVE-2021-262xx/CVE-2021-26279.json) (`2024-12-17T04:15:05.333`)
 - [CVE-2024-12239](CVE-2024/CVE-2024-122xx/CVE-2024-12239.json) (`2024-12-17T03:15:06.710`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `2`
+Recently modified CVEs: `0`
 - [CVE-2024-20767](CVE-2024/CVE-2024-207xx/CVE-2024-20767.json) (`2024-12-17T02:00:02.077`)
 - [CVE-2024-35250](CVE-2024/CVE-2024-352xx/CVE-2024-35250.json) (`2024-12-17T02:00:02.077`)
 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -147523,7 +147523,9 @@ CVE-2020-12479,0,0,ec17c17b09e976e1a152c643e3819d31c36aa7665a5a00e913db3e872553d
 CVE-2020-1248,0,0,13846caf4ce8e83ae09b68ddfc0a09f0e2c8b82eb7c11fce8ac89777e4b28958,2024-11-21T05:10:04.680000
 CVE-2020-12480,0,0,0eb005b3147816e6714e49902149bb9b5f1f1e4f7114cad3e2c62d80cd30989b,2024-11-21T04:59:47.240000
 CVE-2020-12483,0,0,077f89965a271291848319a5ac990a75c110e11b7bca84d208ce8c4f40ff051f,2024-11-21T04:59:47.377000
 CVE-2020-12484,1,1,cabcdf4c18d0aeced1f122124c5e71c0ee429091bf81927dc9e3b8f3c7396d45,2024-12-17T03:15:05.613000
 CVE-2020-12485,0,0,34d81bb19b71d2eb23361fb1f271047b4813b2499e1cb998e4798b107710317c,2024-11-21T04:59:47.523000
 CVE-2020-12487,1,1,c82fc8bbd8e4396cdabebc006a1dbee8bd281d5be94f199f90a1f512290eb4cb,2024-12-17T03:15:06.453000
 CVE-2020-12488,0,0,aa5f4d3af768dd7a35ad93f0603aebf70b7c10f6792c470bb94ed94e60611a16,2024-11-21T04:59:47.660000
 CVE-2020-1249,0,0,ee0dd0717eadfbf0e10875ab0544a1bfd1f22d694690d411785027304662d187,2024-11-21T05:10:04.813000
 CVE-2020-12491,0,0,f0ca1d801193be292260dc60337caae3590167cf6284edefb2b1d11a8df2c5e3,2024-11-25T10:15:04.983000
@ -171951,6 +171953,8 @@ CVE-2021-26274,0,0,197895f44e1ae2d83cc6d85c4c4212de83f3ab926cbedcc348730f67e6324
 CVE-2021-26275,0,0,c67a46870365f376d673abcd812dcccefaea6dc5f29b65664d2310b910034002,2024-11-21T05:56:01.397000
 CVE-2021-26276,0,0,fe12842147a3d9597cc53ff3b852150c687cc9cccbec63feeda8fb67ff2b9400,2024-11-21T05:56:01.557000
 CVE-2021-26277,0,0,0a521d9773294b67632bbd79404a9f6d2a97acd1eb8e9f9a8038e5d2b475c2ca,2024-11-21T05:56:01.737000
 CVE-2021-26278,1,1,55407bd13a095819f1504458cc6585abdb858e5fd2879472762489a613345e4f,2024-12-17T03:15:06.573000
 CVE-2021-26279,1,1,9dd09a10896aa30f87886cca9f28cc67fa690cc104e533c9343e07e9982338fb,2024-12-17T04:15:05.333000
 CVE-2021-26291,0,0,a04873286f43d02ade91ec647e4cbb9371cd14cf2599798866ce37ea0cdaa411,2024-11-21T05:56:01.890000
 CVE-2021-26293,0,0,c750cb4d2f6ab1250e05b92eab3115686dad6da9115e076093b7972b18076f46,2024-11-21T05:56:02.120000
 CVE-2021-26294,0,0,c601a19fe6c9ddea2dedc80c3da8fb3ff5a80b9d3af720fefe2ace690f633037,2024-11-21T05:56:02.270000
@ -243179,7 +243183,7 @@ CVE-2024-10201,0,0,d28f8397fef58d8ebbc3ab5219a78ce309df9376e42404e5bb217ebab8ee8
 CVE-2024-10202,0,0,e24b6f6c53e1e294cbc144ab84950b92d8732523af1d88b225f6757a45ec2cd3,2024-10-24T13:55:46.110000
 CVE-2024-10203,0,0,c44f09c095e5f43bcaf05ddbccb708d70c961ded60a3f26c0a4aedf8833eb1d7,2024-11-08T19:01:03.880000
 CVE-2024-10204,0,0,c1aef3d759e33911bc7bc0be9dac4b362c17b81fcf2e1e72015f81b94fc1ab9d,2024-11-19T21:57:32.967000
-CVE-2024-10205,1,1,b66f885e8cef7783311250f8a7eeaff136b6049ef5ec7ec57aa1b3b7bf63badd,2024-12-17T02:15:04.670000
+CVE-2024-10205,0,0,b66f885e8cef7783311250f8a7eeaff136b6049ef5ec7ec57aa1b3b7bf63badd,2024-12-17T02:15:04.670000
 CVE-2024-1021,0,0,56f2f9eee79bdc92dbb448a3c95eee6b8f89b4e054d4b7192e1d1c62db78aeca,2024-11-21T08:49:37.003000
 CVE-2024-10214,0,0,467db0fceb73548b6a7ebc4075348a74b9e7e348b74ad43d9d19dc1d995ea230,2024-11-05T17:03:22.953000
 CVE-2024-10216,0,0,3b33d4ace8102c37cd94e685981da92ecdd510dbca3a990bc771780d9758061a,2024-11-23T04:15:07.523000
@ -244658,6 +244662,7 @@ CVE-2024-12233,0,0,d89c9263a4f22f201b1dce8be51578aec307181a11a72f57d5d6a093a5589
 CVE-2024-12234,0,0,25d3aa7d45ccf0539b66121de3bcd155bbef1f8925f8aad4f69521eed8a998f2,2024-12-10T23:25:36.387000
 CVE-2024-12235,0,0,92689efaa37165c78224efb1efe409523be7fb3f3558d4576511504eb96aac91,2024-12-05T18:15:21.660000
 CVE-2024-12236,0,0,390d11985338138a2913d618c1818ae388b2b2c32249174c40691687eabfe343,2024-12-10T15:15:07.147000
 CVE-2024-12239,1,1,7e14d3325d4b147176649ece8dc2b0064f40f6c3be58ca9c730b210c8ac8ed58,2024-12-17T03:15:06.710000
 CVE-2024-1224,0,0,cbfbaa5b4f0e1c410530412d727d5bf58dfe126bd3d740f330bf5c6e93a0658e,2024-11-21T08:50:05.487000
 CVE-2024-12247,0,0,ad117a7da5529073984608210b9ebf0c8357341e47d0f7a47c01f4275cf4ac25,2024-12-05T16:15:25.243000
 CVE-2024-1225,0,0,1335eabc5dc5752fbd7f31a11bdeda2f1be9be2c21abaca809140eabb8940f2a,2024-11-21T08:50:05.673000
@ -246105,7 +246110,7 @@ CVE-2024-20763,0,0,85e3d365bd8f70bb83e697510efbc0c1af98cc029e70ebe9045e9cb8471b8
 CVE-2024-20764,0,0,a080d634ce17b8cdbb85357fca6cda5d794fe7d9539aa4c5f46ce35e5c1cac27,2024-12-04T15:15:25.463000
 CVE-2024-20765,0,0,40964bb8beca999330ba180c774b93466f325f8731cc914b7b9cd58d9c2d050c,2024-11-21T08:53:06.653000
 CVE-2024-20766,0,0,95ac04a20504881d574a50944d27c002096349013c0a37ca7842a8653794b342,2024-12-05T15:18:04.873000
-CVE-2024-20767,0,1,ae66121e62e6acd691604b5a21c1e50b45baacd384bdb97fe32d5d6340bf6c84,2024-12-17T02:00:02.077000
+CVE-2024-20767,0,0,ae66121e62e6acd691604b5a21c1e50b45baacd384bdb97fe32d5d6340bf6c84,2024-12-17T02:00:02.077000
 CVE-2024-20768,0,0,5cfbec6f58ac0ddaff40efa6f7a3cd9811b930452273e0862a7b84351ebbd04e,2024-12-03T21:46:08.623000
 CVE-2024-20769,0,0,6f13dc6481e3cb8cd025c6fbd6c6e0274141093e081dce88926d28d6a572c19b,2024-11-21T08:53:07.133000
 CVE-2024-2077,0,0,d186f54d9f8a90379d391459b9a5cb9d8307f4f1713a18aa8bf99e9d56318c5c,2024-12-09T22:39:42.837000
@ -257004,7 +257009,7 @@ CVE-2024-35247,0,0,dda0cd3411fcd13059f9606bedd08c571900aa945b233a955dbeca9ed9ce9
 CVE-2024-35248,0,0,7c3ed5cb016eeae24ebeb7d52be404adf38788725c5e83b5d27391e0dc1d9bf7,2024-11-21T09:20:00.980000
 CVE-2024-35249,0,0,302b7c8906e51cdc971703773787e3153a88d65789ad0641a56c6ae0bd42570d,2024-11-21T09:20:01.130000
 CVE-2024-3525,0,0,8b2c6a8c265bd120a4ae62349e50b9dc4f071348306abdc8eba422a9675a5ff1,2024-11-21T09:29:46.930000
-CVE-2024-35250,0,1,ce6a53f3c0a8dfa3764b939943deaf8e7659c0859ad9a03dafbf3ef57b7b7d43,2024-12-17T02:00:02.077000
+CVE-2024-35250,0,0,ce6a53f3c0a8dfa3764b939943deaf8e7659c0859ad9a03dafbf3ef57b7b7d43,2024-12-17T02:00:02.077000
 CVE-2024-35252,0,0,0f8cf4ca91d191378f3442941d01f34b6bf05c200f0024f0bb3474e02f2e50d7,2024-11-21T09:20:01.453000
 CVE-2024-35253,0,0,bee685c773d8375872a8fd41de235ce0377b714b15d51115236139dd0a8b700c,2024-11-21T09:20:01.607000
 CVE-2024-35254,0,0,0973352a78955e1008d161d71b8515ce181d81658087521aabcddd672b8cbfcc,2024-11-21T09:20:01.750000