diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4617.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4617.json
new file mode 100644
index 00000000000..345103ef281
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4617.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2023-4617",
+ "sourceIdentifier": "cvd@cert.pl",
+ "published": "2024-12-19T10:15:13.147",
+ "lastModified": "2024-12-19T10:15:13.147",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing \"device\", \"sku\" and \"type\" fields' values.\u00a0\nThis issue affects Govee Home applications on Android and iOS in versions\u00a0before 5.9."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cvd@cert.pl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cvd@cert.pl",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://apps.apple.com/us/app/govee-home/id1395696823",
+ "source": "cvd@cert.pl"
+ },
+ {
+ "url": "https://cert.pl/en/posts/2024/12/CVE-2023-4617/",
+ "source": "cvd@cert.pl"
+ },
+ {
+ "url": "https://cert.pl/posts/2024/12/CVE-2023-4617/",
+ "source": "cvd@cert.pl"
+ },
+ {
+ "url": "https://play.google.com/store/apps/details?id=com.govee.home",
+ "source": "cvd@cert.pl"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11616.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11616.json
new file mode 100644
index 00000000000..cdee913d879
--- /dev/null
+++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11616.json
@@ -0,0 +1,78 @@
+{
+ "id": "CVE-2024-11616",
+ "sourceIdentifier": "psirt@netskope.com",
+ "published": "2024-12-19T10:15:13.323",
+ "lastModified": "2024-12-19T10:15:13.323",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Netskope was made aware of a security vulnerability in Netskope Endpoint DLP\u2019s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes\u00a0argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both independently dereference their value from the user supplied input buffer inside the EpdlpSetUsbAction\u00a0function, known as a double-fetch. If this length value grows to a higher value in between these two calls, it will result in the RtlCopyMemory\u00a0call copying user-supplied memory contents outside the range of the allocated buffer, resulting in a heap overflow. A malicious attacker will need admin privileges to exploit the issue.\nThis issue affects Endpoint DLP version below R119."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "psirt@netskope.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.6,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "attackRequirements": "PRESENT",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "LOW",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@netskope.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-003",
+ "source": "psirt@netskope.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12569.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12569.json
new file mode 100644
index 00000000000..47e12cfe282
--- /dev/null
+++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12569.json
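Review bot: The `weaknesses` entry of CVE-2024-11616 carries `"value": "CWE-125"` (out-of-bounds read), while the description in the same record describes a double-fetch that makes `RtlCopyMemory` copy past the allocated buffer, i.e. an out-of-bounds write on the heap. Anyone triaging or filtering this feed by CWE would file a kernel-driver memory-corruption issue as a read-only one; CWE-787 or CWE-122, with CWE-367 for the double-fetch race, look like the closer fit, though that is inferred from the description text alone. Because the file mirrors what the CNA submitted (`"vulnStatus": "Received"`, `"type": "Secondary"`) and appears to be tracked by a hash in `_state.csv`, the value should be corrected upstream rather than edited here. A README line such as `Records with vulnStatus "Received" carry CNA-supplied CWE and CVSS data that NVD has not yet analysed.` would tell consumers not to rely on these fields alone.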
@@ -0,0 +1,78 @@
+{
+ "id": "CVE-2024-12569",
+ "sourceIdentifier": "cf45122d-9d50-442a-9b23-e05cde9943d8",
+ "published": "2024-12-19T09:16:13.830",
+ "lastModified": "2024-12-19T09:16:13.830",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Disclosure of sensitive information in HikVision camera driver's log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.2,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "PRESENT",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "NONE",
+ "subsequentSystemConfidentiality": "HIGH",
+ "subsequentSystemIntegrity": "HIGH",
+ "subsequentSystemAvailability": "HIGH",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://supportcommunity.milestonesys.com/KBRedir?art=000067740&lang=en_US",
+ "source": "cf45122d-9d50-442a-9b23-e05cde9943d8"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 1f2fa2aed76..33d5f7720bc 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-19T09:00:22.604550+00:00 +2024-12-19T11:00:22.375085+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-19T08:17:30.470000+00:00 +2024-12-19T10:15:13.323000+00:00 ``` ### Last Data Feed Release
@@ -33,18 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -274350 +274353 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `3` -- [CVE-2020-12819](CVE-2020/CVE-2020-128xx/CVE-2020-12819.json) (`2024-12-19T08:15:11.770`) -- [CVE-2021-26093](CVE-2021/CVE-2021-260xx/CVE-2021-26093.json) (`2024-12-19T08:15:14.717`) -- [CVE-2024-12560](CVE-2024/CVE-2024-125xx/CVE-2024-12560.json) (`2024-12-19T07:15:13.507`) -- [CVE-2024-4229](CVE-2024/CVE-2024-42xx/CVE-2024-4229.json) (`2024-12-19T08:17:30.230`) -- [CVE-2024-4230](CVE-2024/CVE-2024-42xx/CVE-2024-4230.json) (`2024-12-19T08:17:30.470`) +- [CVE-2023-4617](CVE-2023/CVE-2023-46xx/CVE-2023-4617.json) (`2024-12-19T10:15:13.147`) +- [CVE-2024-11616](CVE-2024/CVE-2024-116xx/CVE-2024-11616.json) (`2024-12-19T10:15:13.323`) +- [CVE-2024-12569](CVE-2024/CVE-2024-125xx/CVE-2024-12569.json) (`2024-12-19T09:16:13.830`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 708044d1bb9..87acaec5a82 100644 --- a/_state.csv +++ b/_state.csv 
@@ -147828,7 +147828,7 @@ CVE-2020-12815,0,0,df32f1c62003cdadbb0afc24ca75df39ca4dc0804ab8b97162715dc4a5294 CVE-2020-12816,0,0,48c51f0235980afbcbab50ea2cb90c8fe4004526e9c3a06265fc9b2c75882eaf,2024-11-21T05:00:19.927000 CVE-2020-12817,0,0,e98d3763d551f764083135cad61bc60ac9df18241e9743a5cc7008fcd5839a56,2024-11-21T05:00:20.053000 CVE-2020-12818,0,0,671fc9fbdbe3092c4779c13951027edfc290fea7c7ab7abd7d0208cd1bbcf899,2024-11-21T05:00:20.173000 -CVE-2020-12819,1,1,55808baac491aaae6a7eac880b91ce002ae30d34f239a61c87cf56ec2a23132d,2024-12-19T08:15:11.770000 +CVE-2020-12819,0,0,55808baac491aaae6a7eac880b91ce002ae30d34f239a61c87cf56ec2a23132d,2024-12-19T08:15:11.770000 CVE-2020-1282,0,0,5dffd0f7490f04d4b38e703efd93f4aeaf53342feda449eb492337d8e143e58b,2024-11-21T05:10:09.537000 CVE-2020-12821,0,0,80bcfaffcfb668796236a3e35b815e8ec4146df6282fdf2e3e6375b32fcb8032,2024-11-21T05:00:20.317000 CVE-2020-12823,0,0,63ce9c2c4c1ef765c93695caf4139f7414cd4af512f7553968ad51b1ea50fa92,2024-11-21T05:00:20.483000 @@ -171881,7 +171881,7 @@ CVE-2021-26088,0,0,c26e6d0a3d2d39cb55ac02c63c46a7014509930ab7b8dfa748b6804dc94fc CVE-2021-26089,0,0,6d8844e9a67c7f9126a795bec2dc39b17e18dec81df6faf3063ff3a641ec63a3,2024-11-21T05:55:51.027000 CVE-2021-26090,0,0,e3f8c1b2626ee36fd370ee3c68bcb4a42ad821868abe4e4fa89f643789009be7,2024-11-21T05:55:51.150000 CVE-2021-26092,0,0,bc381940e01045bf4ebcb99f1b03b7940fa8d07e8399794e6e19a6f437b8a7ae,2024-11-21T05:55:51.277000 -CVE-2021-26093,1,1,e799a25ff881cd6fbb5a1277dea5db2da547d141474ca3b067282410d83cc1d6,2024-12-19T08:15:14.717000 +CVE-2021-26093,0,0,e799a25ff881cd6fbb5a1277dea5db2da547d141474ca3b067282410d83cc1d6,2024-12-19T08:15:14.717000 CVE-2021-26095,0,0,eab82fd930a577aba43ab891efe1cc8f8949906b0a8e50a351f70144f3de22e3,2024-11-21T05:55:51.413000 CVE-2021-26096,0,0,985ad40795b1115555526fe54bd3b71ecaf986e692d7772d71cf0b479480407e,2024-11-21T05:55:51.523000 CVE-2021-26097,0,0,5492509e540c4b9490ee3ecc2fc9e19c927e8dd5d975d3f7f5bdd412c54ecb2a,2024-11-21T05:55:51.667000 
@@ -235312,6 +235312,7 @@ CVE-2023-46159,0,0,a9a4381520ef89bf12666310cf5a0db135d670a0c49e8d35deb299a317d62 CVE-2023-4616,0,0,f64fa3b90907518ea67902a05e6872124fd0726c90f62c0e26e73916a42979b6,2024-11-21T08:35:33.150000 CVE-2023-46167,0,0,afd529d982da16d18720d4c13388bd1183b6956c7d792ce9bc4a9ee4dd22bb23,2024-11-21T08:28:00.590000 CVE-2023-46169,0,0,c122dcedb7a3106bebafab755be081f5a7c1050dadce9a606ebf1c2b42582696,2024-11-21T08:28:00.727000 +CVE-2023-4617,1,1,5bb0196deb8ecc44fb6a3c9979f4c83df41283cf88b9697ca4a8c34dc6f6dc2d,2024-12-19T10:15:13.147000 CVE-2023-46170,0,0,02fbb345e6684ea3252480382fe917b2093cd91020cabb6e62386cbddcab9ae0,2024-11-21T08:28:00.837000 CVE-2023-46171,0,0,99246d3eb2c5af0979b770d4b460e6e7d5f8b424ca56568cf6c30f5c307fa2a1,2024-11-21T08:28:00.963000 CVE-2023-46172,0,0,e6d64572c481ef5111eb147fe1f8e056cf30f2bd98551cff315706b0e04dd94d,2024-11-21T08:28:01.080000 @@ -244335,6 +244336,7 @@ CVE-2024-11608,0,0,8ddbc230a8730b76ffe6955779ba3c4d90ea8f23edd3f564c2db516009c0d CVE-2024-1161,0,0,68cc61ca71a85d6059ad02181ec1fb4a89655dbd3db8900d271e7a26ec14fb67,2024-11-21T08:49:56.127000 CVE-2024-11612,0,0,bb444eed2bab8dc9d7d3d2707a19c782bc9311cf8cab3a2875a904169993bb7a,2024-11-22T21:15:17.387000 CVE-2024-11614,0,0,13dd2dd6a852c375ccdb00718f2e6d48f93b262b14487508e32f597f2f0ff20b,2024-12-18T09:15:06.660000 +CVE-2024-11616,1,1,7fe55a3103a7f1599f0b91bf77ae8df1740196fec83f0b800ef3107d2cde642c,2024-12-19T10:15:13.323000 CVE-2024-11618,0,0,faa524e213716321f8f8b440fa9593fea7194f824084fdf0ccb0ec4689ef9c66,2024-11-22T19:15:05.437000 CVE-2024-11619,0,0,17535dfba9741d471fadae0fb91280b5ae16dfa5d4f7978c2708116e3a1ee713,2024-11-22T21:15:17.500000 CVE-2024-1162,0,0,3088f9ddfe31234409eeca0c6733f6625e00a303f5f7e9ffe94fe1a6782630d7,2024-11-21T08:49:56.270000 
@@ -244876,8 +244878,9 @@ CVE-2024-12553,0,0,a2255cbe7c81f26e6254fdbc6535a51f1e6a86b8a15e67572b76456e109cd CVE-2024-12554,0,0,9c2c5116d478f8a3368d2869fc0d22776c7ca9cea54e725be0c02d64f1e2b79f,2024-12-18T10:15:08.493000 CVE-2024-12555,0,0,0d42d0c8cac624be8352d225c1fedeed93d78abfe4d84ed9171ab1d4e5a1062b,2024-12-14T05:15:11.827000 CVE-2024-1256,0,0,ea8829298a5ced036094d7fead955f33827bc36bbc0a7f87a81ee1f95b95b282,2024-11-21T08:50:10.293000 -CVE-2024-12560,1,1,59d00c885b51c3e9ef9e4160d8c87472751bc46b43573f63258bdfe4a0067aed,2024-12-19T07:15:13.507000 +CVE-2024-12560,0,0,59d00c885b51c3e9ef9e4160d8c87472751bc46b43573f63258bdfe4a0067aed,2024-12-19T07:15:13.507000 CVE-2024-12564,0,0,0abcb221861e5fc99f1edf43c59fea9ce50a3b4bd68b4b9a5961d76741772172,2024-12-12T15:15:12.097000 +CVE-2024-12569,1,1,85ba460436494f476697b315ff16d44cb76ffc76b518eda7d927b0e3a48ad1e9,2024-12-19T09:16:13.830000 CVE-2024-1257,0,0,7cc030c8f0ebfb33a80da788a5513945114551aaaa2999db4fa614a5f6b08a9b,2024-11-21T08:50:10.443000 CVE-2024-12570,0,0,be94920192af405ec932f38181a462713be2ef7292a21e90f93bf4238cc63d84,2024-12-12T12:15:22.660000 CVE-2024-12572,0,0,b5830ae1a3c6182c738f484a7555b2d49502aecd75946e90268f33cb1f4e6fca,2024-12-13T04:15:05.233000 
@@ -262254,7 +262257,7 @@ CVE-2024-42286,0,0,88a350d0d1bfe8d72cadc8f3604c03efc6d680068d7a4563ac5031df086d3 CVE-2024-42287,0,0,96a5843d6e7940d2d66061e6e69ad7677405e85f408d476e7b45f877e5c33148,2024-09-10T19:05:07.670000 CVE-2024-42288,0,0,ad851cd9fb83394e07b4b280aca47c2d5687840222a01a79baab985fdfee8754,2024-09-05T17:38:38.383000 CVE-2024-42289,0,0,c1f5f80e65360bc84de6f1843a63caa8bd7dabe52a8ed74195c3a977c79dccdd,2024-09-05T17:37:49.057000 -CVE-2024-4229,1,1,cf11f22bd5c7b73e043208efe4fe5932fbd0b9bec62ad7a9361a579f569bbc89,2024-12-19T08:17:30.230000 +CVE-2024-4229,0,0,cf11f22bd5c7b73e043208efe4fe5932fbd0b9bec62ad7a9361a579f569bbc89,2024-12-19T08:17:30.230000 CVE-2024-42290,0,0,d27aca27562195d04490643fa18705d7b7ed22675306a86b123d07597c93e3ce,2024-08-19T12:59:59.177000 CVE-2024-42291,0,0,cae7e14d3bf2a910bf5be2341289caed2571c15b89bb59bb6f1bec8a1ae818f1,2024-11-14T16:15:19.550000 CVE-2024-42292,0,0,8310aa9a5630623a5a144ae735b237b95b640aed6f25022423101f353e6f84b0,2024-08-19T12:59:59.177000 @@ -262265,7 +262268,7 @@ CVE-2024-42296,0,0,6f0a4e19d0af7904c42d2fd48012f42857e020384d64582beaccc791074f5 CVE-2024-42297,0,0,652aed150affdd94d2259264bc0331f9c1a6680837141d101ef43985ca846ae4,2024-09-30T13:41:26.463000 CVE-2024-42298,0,0,829a05ef5accf6b1340476cdd4fe04e5c5f5c5aa6bda59614c0f20948f28ca3c,2024-09-10T18:42:19.607000 CVE-2024-42299,0,0,1d9a7f76ca05044914ea6b23419a3afe5dfacda94e0276680ead40f3cc253bdb,2024-08-19T12:59:59.177000 -CVE-2024-4230,1,1,a88480c497fea9617e8693bbae12ee3909a8498b3883a94e64385384957ed561,2024-12-19T08:17:30.470000 +CVE-2024-4230,0,0,a88480c497fea9617e8693bbae12ee3909a8498b3883a94e64385384957ed561,2024-12-19T08:17:30.470000 CVE-2024-42300,0,0,0085a0d67ebb00a2eb0fdee834d161b381fb524f015d1781780f7c3f00257248,2024-08-19T12:59:59.177000 CVE-2024-42301,0,0,129dbb93dae1eabbb963d5dcac7fb57bfbb8caaea663a2c352a786d5bebc25b3,2024-08-22T16:31:18.667000 CVE-2024-42302,0,0,da1015d07a749f28ff926f11e37ddecf9a8893e67ee64cc6c5353120ca48714f,2024-08-22T16:37:26.237000