Auto-Update: 2024-12-19T11:00:22.375085+00:00

CVE-2023/CVE-2023-46xx/CVE-2023-4617.json

@@ -0,0 +1,68 @@
+{
+  "id": "CVE-2023-4617",
+  "sourceIdentifier": "cvd@cert.pl",
+  "published": "2024-12-19T10:15:13.147",
+  "lastModified": "2024-12-19T10:15:13.147",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing \"device\", \"sku\" and \"type\" fields' values.\u00a0\nThis issue affects Govee Home applications on Android and iOS in versions\u00a0before 5.9."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cvd@cert.pl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
+          "baseScore": 10.0,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cvd@cert.pl",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://apps.apple.com/us/app/govee-home/id1395696823",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/en/posts/2024/12/CVE-2023-4617/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/posts/2024/12/CVE-2023-4617/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://play.google.com/store/apps/details?id=com.govee.home",
+      "source": "cvd@cert.pl"
+    }
+  ]
+}

CVE-2024/CVE-2024-116xx/CVE-2024-11616.json

@@ -0,0 +1,78 @@
+{
+  "id": "CVE-2024-11616",
+  "sourceIdentifier": "psirt@netskope.com",
+  "published": "2024-12-19T10:15:13.323",
+  "lastModified": "2024-12-19T10:15:13.323",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Netskope was made aware of a security vulnerability in Netskope Endpoint DLP\u2019s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes\u00a0argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both independently dereference their value from the user supplied input buffer inside the EpdlpSetUsbAction\u00a0function, known as a double-fetch. If this length value grows to a higher value in between these two calls, it will result in the RtlCopyMemory\u00a0call copying user-supplied memory contents outside the range of the allocated buffer, resulting in a heap overflow. A malicious attacker will need admin privileges to exploit the issue.\nThis issue affects Endpoint DLP version below R119."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "psirt@netskope.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.6,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "attackRequirements": "PRESENT",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "NONE",
+          "vulnerableSystemIntegrity": "NONE",
+          "vulnerableSystemAvailability": "HIGH",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "LOW",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@netskope.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-003",
+      "source": "psirt@netskope.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-125xx/CVE-2024-12569.json

@@ -0,0 +1,78 @@
+{
+  "id": "CVE-2024-12569",
+  "sourceIdentifier": "cf45122d-9d50-442a-9b23-e05cde9943d8",
+  "published": "2024-12-19T09:16:13.830",
+  "lastModified": "2024-12-19T09:16:13.830",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Disclosure of sensitive information in HikVision camera driver's log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.2,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "attackRequirements": "PRESENT",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "NONE",
+          "vulnerableSystemIntegrity": "NONE",
+          "vulnerableSystemAvailability": "NONE",
+          "subsequentSystemConfidentiality": "HIGH",
+          "subsequentSystemIntegrity": "HIGH",
+          "subsequentSystemAvailability": "HIGH",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-532"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://supportcommunity.milestonesys.com/KBRedir?art=000067740&lang=en_US",
+      "source": "cf45122d-9d50-442a-9b23-e05cde9943d8"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-12-19T09:00:22.604550+00:00
+2024-12-19T11:00:22.375085+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-12-19T08:17:30.470000+00:00
+2024-12-19T10:15:13.323000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,18 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-274350
+274353
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `5`
+Recently added CVEs: `3`
 
-- [CVE-2020-12819](CVE-2020/CVE-2020-128xx/CVE-2020-12819.json) (`2024-12-19T08:15:11.770`)
-- [CVE-2021-26093](CVE-2021/CVE-2021-260xx/CVE-2021-26093.json) (`2024-12-19T08:15:14.717`)
-- [CVE-2024-12560](CVE-2024/CVE-2024-125xx/CVE-2024-12560.json) (`2024-12-19T07:15:13.507`)
-- [CVE-2024-4229](CVE-2024/CVE-2024-42xx/CVE-2024-4229.json) (`2024-12-19T08:17:30.230`)
-- [CVE-2024-4230](CVE-2024/CVE-2024-42xx/CVE-2024-4230.json) (`2024-12-19T08:17:30.470`)
+- [CVE-2023-4617](CVE-2023/CVE-2023-46xx/CVE-2023-4617.json) (`2024-12-19T10:15:13.147`)
+- [CVE-2024-11616](CVE-2024/CVE-2024-116xx/CVE-2024-11616.json) (`2024-12-19T10:15:13.323`)
+- [CVE-2024-12569](CVE-2024/CVE-2024-125xx/CVE-2024-12569.json) (`2024-12-19T09:16:13.830`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -147828,7 +147828,7 @@ CVE-2020-12815,0,0,df32f1c62003cdadbb0afc24ca75df39ca4dc0804ab8b97162715dc4a5294
 CVE-2020-12816,0,0,48c51f0235980afbcbab50ea2cb90c8fe4004526e9c3a06265fc9b2c75882eaf,2024-11-21T05:00:19.927000
 CVE-2020-12817,0,0,e98d3763d551f764083135cad61bc60ac9df18241e9743a5cc7008fcd5839a56,2024-11-21T05:00:20.053000
 CVE-2020-12818,0,0,671fc9fbdbe3092c4779c13951027edfc290fea7c7ab7abd7d0208cd1bbcf899,2024-11-21T05:00:20.173000
-CVE-2020-12819,1,1,55808baac491aaae6a7eac880b91ce002ae30d34f239a61c87cf56ec2a23132d,2024-12-19T08:15:11.770000
+CVE-2020-12819,0,0,55808baac491aaae6a7eac880b91ce002ae30d34f239a61c87cf56ec2a23132d,2024-12-19T08:15:11.770000
 CVE-2020-1282,0,0,5dffd0f7490f04d4b38e703efd93f4aeaf53342feda449eb492337d8e143e58b,2024-11-21T05:10:09.537000
 CVE-2020-12821,0,0,80bcfaffcfb668796236a3e35b815e8ec4146df6282fdf2e3e6375b32fcb8032,2024-11-21T05:00:20.317000
 CVE-2020-12823,0,0,63ce9c2c4c1ef765c93695caf4139f7414cd4af512f7553968ad51b1ea50fa92,2024-11-21T05:00:20.483000
@@ -171881,7 +171881,7 @@ CVE-2021-26088,0,0,c26e6d0a3d2d39cb55ac02c63c46a7014509930ab7b8dfa748b6804dc94fc
 CVE-2021-26089,0,0,6d8844e9a67c7f9126a795bec2dc39b17e18dec81df6faf3063ff3a641ec63a3,2024-11-21T05:55:51.027000
 CVE-2021-26090,0,0,e3f8c1b2626ee36fd370ee3c68bcb4a42ad821868abe4e4fa89f643789009be7,2024-11-21T05:55:51.150000
 CVE-2021-26092,0,0,bc381940e01045bf4ebcb99f1b03b7940fa8d07e8399794e6e19a6f437b8a7ae,2024-11-21T05:55:51.277000
-CVE-2021-26093,1,1,e799a25ff881cd6fbb5a1277dea5db2da547d141474ca3b067282410d83cc1d6,2024-12-19T08:15:14.717000
+CVE-2021-26093,0,0,e799a25ff881cd6fbb5a1277dea5db2da547d141474ca3b067282410d83cc1d6,2024-12-19T08:15:14.717000
 CVE-2021-26095,0,0,eab82fd930a577aba43ab891efe1cc8f8949906b0a8e50a351f70144f3de22e3,2024-11-21T05:55:51.413000
 CVE-2021-26096,0,0,985ad40795b1115555526fe54bd3b71ecaf986e692d7772d71cf0b479480407e,2024-11-21T05:55:51.523000
 CVE-2021-26097,0,0,5492509e540c4b9490ee3ecc2fc9e19c927e8dd5d975d3f7f5bdd412c54ecb2a,2024-11-21T05:55:51.667000
@@ -235312,6 +235312,7 @@ CVE-2023-46159,0,0,a9a4381520ef89bf12666310cf5a0db135d670a0c49e8d35deb299a317d62
 CVE-2023-4616,0,0,f64fa3b90907518ea67902a05e6872124fd0726c90f62c0e26e73916a42979b6,2024-11-21T08:35:33.150000
 CVE-2023-46167,0,0,afd529d982da16d18720d4c13388bd1183b6956c7d792ce9bc4a9ee4dd22bb23,2024-11-21T08:28:00.590000
 CVE-2023-46169,0,0,c122dcedb7a3106bebafab755be081f5a7c1050dadce9a606ebf1c2b42582696,2024-11-21T08:28:00.727000
+CVE-2023-4617,1,1,5bb0196deb8ecc44fb6a3c9979f4c83df41283cf88b9697ca4a8c34dc6f6dc2d,2024-12-19T10:15:13.147000
 CVE-2023-46170,0,0,02fbb345e6684ea3252480382fe917b2093cd91020cabb6e62386cbddcab9ae0,2024-11-21T08:28:00.837000
 CVE-2023-46171,0,0,99246d3eb2c5af0979b770d4b460e6e7d5f8b424ca56568cf6c30f5c307fa2a1,2024-11-21T08:28:00.963000
 CVE-2023-46172,0,0,e6d64572c481ef5111eb147fe1f8e056cf30f2bd98551cff315706b0e04dd94d,2024-11-21T08:28:01.080000
@@ -244335,6 +244336,7 @@ CVE-2024-11608,0,0,8ddbc230a8730b76ffe6955779ba3c4d90ea8f23edd3f564c2db516009c0d
 CVE-2024-1161,0,0,68cc61ca71a85d6059ad02181ec1fb4a89655dbd3db8900d271e7a26ec14fb67,2024-11-21T08:49:56.127000
 CVE-2024-11612,0,0,bb444eed2bab8dc9d7d3d2707a19c782bc9311cf8cab3a2875a904169993bb7a,2024-11-22T21:15:17.387000
 CVE-2024-11614,0,0,13dd2dd6a852c375ccdb00718f2e6d48f93b262b14487508e32f597f2f0ff20b,2024-12-18T09:15:06.660000
+CVE-2024-11616,1,1,7fe55a3103a7f1599f0b91bf77ae8df1740196fec83f0b800ef3107d2cde642c,2024-12-19T10:15:13.323000
 CVE-2024-11618,0,0,faa524e213716321f8f8b440fa9593fea7194f824084fdf0ccb0ec4689ef9c66,2024-11-22T19:15:05.437000
 CVE-2024-11619,0,0,17535dfba9741d471fadae0fb91280b5ae16dfa5d4f7978c2708116e3a1ee713,2024-11-22T21:15:17.500000
 CVE-2024-1162,0,0,3088f9ddfe31234409eeca0c6733f6625e00a303f5f7e9ffe94fe1a6782630d7,2024-11-21T08:49:56.270000
@@ -244876,8 +244878,9 @@ CVE-2024-12553,0,0,a2255cbe7c81f26e6254fdbc6535a51f1e6a86b8a15e67572b76456e109cd
 CVE-2024-12554,0,0,9c2c5116d478f8a3368d2869fc0d22776c7ca9cea54e725be0c02d64f1e2b79f,2024-12-18T10:15:08.493000
 CVE-2024-12555,0,0,0d42d0c8cac624be8352d225c1fedeed93d78abfe4d84ed9171ab1d4e5a1062b,2024-12-14T05:15:11.827000
 CVE-2024-1256,0,0,ea8829298a5ced036094d7fead955f33827bc36bbc0a7f87a81ee1f95b95b282,2024-11-21T08:50:10.293000
-CVE-2024-12560,1,1,59d00c885b51c3e9ef9e4160d8c87472751bc46b43573f63258bdfe4a0067aed,2024-12-19T07:15:13.507000
+CVE-2024-12560,0,0,59d00c885b51c3e9ef9e4160d8c87472751bc46b43573f63258bdfe4a0067aed,2024-12-19T07:15:13.507000
 CVE-2024-12564,0,0,0abcb221861e5fc99f1edf43c59fea9ce50a3b4bd68b4b9a5961d76741772172,2024-12-12T15:15:12.097000
+CVE-2024-12569,1,1,85ba460436494f476697b315ff16d44cb76ffc76b518eda7d927b0e3a48ad1e9,2024-12-19T09:16:13.830000
 CVE-2024-1257,0,0,7cc030c8f0ebfb33a80da788a5513945114551aaaa2999db4fa614a5f6b08a9b,2024-11-21T08:50:10.443000
 CVE-2024-12570,0,0,be94920192af405ec932f38181a462713be2ef7292a21e90f93bf4238cc63d84,2024-12-12T12:15:22.660000
 CVE-2024-12572,0,0,b5830ae1a3c6182c738f484a7555b2d49502aecd75946e90268f33cb1f4e6fca,2024-12-13T04:15:05.233000
@@ -262254,7 +262257,7 @@ CVE-2024-42286,0,0,88a350d0d1bfe8d72cadc8f3604c03efc6d680068d7a4563ac5031df086d3
 CVE-2024-42287,0,0,96a5843d6e7940d2d66061e6e69ad7677405e85f408d476e7b45f877e5c33148,2024-09-10T19:05:07.670000
 CVE-2024-42288,0,0,ad851cd9fb83394e07b4b280aca47c2d5687840222a01a79baab985fdfee8754,2024-09-05T17:38:38.383000
 CVE-2024-42289,0,0,c1f5f80e65360bc84de6f1843a63caa8bd7dabe52a8ed74195c3a977c79dccdd,2024-09-05T17:37:49.057000
-CVE-2024-4229,1,1,cf11f22bd5c7b73e043208efe4fe5932fbd0b9bec62ad7a9361a579f569bbc89,2024-12-19T08:17:30.230000
+CVE-2024-4229,0,0,cf11f22bd5c7b73e043208efe4fe5932fbd0b9bec62ad7a9361a579f569bbc89,2024-12-19T08:17:30.230000
 CVE-2024-42290,0,0,d27aca27562195d04490643fa18705d7b7ed22675306a86b123d07597c93e3ce,2024-08-19T12:59:59.177000
 CVE-2024-42291,0,0,cae7e14d3bf2a910bf5be2341289caed2571c15b89bb59bb6f1bec8a1ae818f1,2024-11-14T16:15:19.550000
 CVE-2024-42292,0,0,8310aa9a5630623a5a144ae735b237b95b640aed6f25022423101f353e6f84b0,2024-08-19T12:59:59.177000
@@ -262265,7 +262268,7 @@ CVE-2024-42296,0,0,6f0a4e19d0af7904c42d2fd48012f42857e020384d64582beaccc791074f5
 CVE-2024-42297,0,0,652aed150affdd94d2259264bc0331f9c1a6680837141d101ef43985ca846ae4,2024-09-30T13:41:26.463000
 CVE-2024-42298,0,0,829a05ef5accf6b1340476cdd4fe04e5c5f5c5aa6bda59614c0f20948f28ca3c,2024-09-10T18:42:19.607000
 CVE-2024-42299,0,0,1d9a7f76ca05044914ea6b23419a3afe5dfacda94e0276680ead40f3cc253bdb,2024-08-19T12:59:59.177000
-CVE-2024-4230,1,1,a88480c497fea9617e8693bbae12ee3909a8498b3883a94e64385384957ed561,2024-12-19T08:17:30.470000
+CVE-2024-4230,0,0,a88480c497fea9617e8693bbae12ee3909a8498b3883a94e64385384957ed561,2024-12-19T08:17:30.470000
 CVE-2024-42300,0,0,0085a0d67ebb00a2eb0fdee834d161b381fb524f015d1781780f7c3f00257248,2024-08-19T12:59:59.177000
 CVE-2024-42301,0,0,129dbb93dae1eabbb963d5dcac7fb57bfbb8caaea663a2c352a786d5bebc25b3,2024-08-22T16:31:18.667000
 CVE-2024-42302,0,0,da1015d07a749f28ff926f11e37ddecf9a8893e67ee64cc6c5353120ca48714f,2024-08-22T16:37:26.237000