diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12896.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12896.json new file mode 100644 index 00000000000..8911cb07ac1 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12896.json @@ -0,0 +1,148 @@ +{ + "id": "CVE-2024-12896", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-22T23:15:05.677", + "lastModified": "2024-12-22T23:15:05.677", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "cna@vuldb.com", + "tags": [ + "unsupported-when-assigned" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor assesses that \"the information disclosed in the URL is not sensitive or poses any risk to the user\"." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://netsecfish.notion.site/IntelBras-IP-Camera-Information-Disclosure-15e6b683e67c80a89f89daf59daa9ea8?pvs=73", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.289166", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.289166", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.464258", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12897.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12897.json new file mode 100644 index 00000000000..57eb380f4f6 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12897.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12897", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-23T00:15:04.940", + "lastModified": "2024-12-23T00:15:04.940", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-23" + }, + { + "lang": "en", + "value": "CWE-24" + } + ] + } + ], + "references": [ + { + "url": "https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.289167", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.289167", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.464260", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-563xx/CVE-2024-56375.json b/CVE-2024/CVE-2024-563xx/CVE-2024-56375.json new file mode 100644 index 00000000000..3b336f083fd --- /dev/null +++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56375.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-56375", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-22T23:15:06.613", + "lastModified": "2024-12-22T23:15:06.613", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList. Fort dereferences (and, shortly afterwards, writes to) this array during a shuffle attempt, before the validation that would normally reject it when empty. This out-of-bounds access is caused by an integer underflow that causes the surrounding loop to iterate infinitely. Because the product is permanently stuck attempting to overshuffle an array that doesn't actually exist, a crash is nearly guaranteed." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://nicmx.github.io/FORT-validator/CVE.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-563xx/CVE-2024-56378.json b/CVE-2024/CVE-2024-563xx/CVE-2024-56378.json new file mode 100644 index 00000000000..5d163d9390f --- /dev/null +++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56378.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-56378", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-12-23T00:15:05.133", + "lastModified": "2024-12-23T00:15:05.133", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a87361339063e0b9bea50/CMakeLists.txt#L621", + "source": "cve@mitre.org" + }, + { + "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e", + "source": "cve@mitre.org" + }, + { + "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 90057ff8f44..1c79db27d18 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-22T23:00:19.687430+00:00 +2024-12-23T00:55:20.453102+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-22T22:15:06.670000+00:00 +2024-12-23T00:15:05.133000+00:00 ``` ### Last Data Feed Release @@ -33,18 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -274553 +274557 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `4` -- [CVE-2024-56310](CVE-2024/CVE-2024-563xx/CVE-2024-56310.json) (`2024-12-22T21:15:16.433`) -- [CVE-2024-56311](CVE-2024/CVE-2024-563xx/CVE-2024-56311.json) (`2024-12-22T21:15:16.600`) -- [CVE-2024-56312](CVE-2024/CVE-2024-563xx/CVE-2024-56312.json) (`2024-12-22T22:15:05.630`) -- [CVE-2024-56313](CVE-2024/CVE-2024-563xx/CVE-2024-56313.json) (`2024-12-22T22:15:06.540`) -- [CVE-2024-56314](CVE-2024/CVE-2024-563xx/CVE-2024-56314.json) (`2024-12-22T22:15:06.670`) +- [CVE-2024-12896](CVE-2024/CVE-2024-128xx/CVE-2024-12896.json) (`2024-12-22T23:15:05.677`) +- [CVE-2024-12897](CVE-2024/CVE-2024-128xx/CVE-2024-12897.json) (`2024-12-23T00:15:04.940`) +- [CVE-2024-56375](CVE-2024/CVE-2024-563xx/CVE-2024-56375.json) (`2024-12-22T23:15:06.613`) +- [CVE-2024-56378](CVE-2024/CVE-2024-563xx/CVE-2024-56378.json) (`2024-12-23T00:15:05.133`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 2d581b0b38f..44d108fb0e9 100644 --- a/_state.csv +++ b/_state.csv @@ -245068,6 +245068,8 @@ CVE-2024-12892,0,0,78fb726b8df2a16fb6eb0917a0a0e88fecc9c6f1f88ab8ca30a5dd210b4e6 CVE-2024-12893,0,0,0cecbca340b22ce3e457e2f182e11f58f94f145b2638c6f827bb0ed4008214df,2024-12-22T08:15:06.083000 CVE-2024-12894,0,0,38ca8339bb6400ff08caeebde70032264a7662949504841ad5ff150add3fcd6e,2024-12-22T12:15:16.203000 CVE-2024-12895,0,0,2693178457c1a41a6444992ddd10869064ffff2889e27b11cf327858c567765e,2024-12-22T14:15:04.923000 +CVE-2024-12896,1,1,b46bab1f05703ff0008332eb402a62ef781a767148efb6c7c7134cb4f610f1e9,2024-12-22T23:15:05.677000 +CVE-2024-12897,1,1,e84417159b1fa979d786feb5c9c9428d1f89aad1baca53371c1b473a818b22fd,2024-12-23T00:15:04.940000 CVE-2024-1290,0,0,7c95f47c5c3e77faa57d4558ce65f60c9fa0ea7551f118126af89c59b8448f97,2024-11-21T08:50:14.680000 CVE-2024-1291,0,0,52c4840726a3cf584db63abe3d1006ff575604ba403c25fca89470816948ce5e,2024-11-21T08:50:14.863000 CVE-2024-1292,0,0,38d9bc6a557167174bf37c6662c68d5de6a783380fb5a30941c923054e3f2f16,2024-11-21T08:50:14.983000 @@ -270825,11 +270827,11 @@ CVE-2024-5628,0,0,755412ba03c7f502c54c635c9705b96a4154da09bb9bfca64f93d1d41d08cf CVE-2024-5629,0,0,f9daa1fe2950a7ccef0838fb6e6cae4a7319a3ab1da6174da12e5faf2c955f5a,2024-11-21T09:48:02.860000 CVE-2024-5630,0,0,50874e31f2d6c9403bb3dbaf933b8b3f439196ea7c18b531eba9bc061324fe0f,2024-11-21T09:48:03.020000 CVE-2024-5631,0,0,2a74e658158bae900a85436e92fd017c375ea2371e9ccb7b5a67e7bbd481f6b3,2024-11-21T09:48:03.210000 -CVE-2024-56310,1,1,fd778eb590d1fbb32130fffba54ed545129192edf10e26cf3a21b5e6459b501d,2024-12-22T21:15:16.433000 -CVE-2024-56311,1,1,e2eae5ad5d224b6d2217bcfe83f7bd65df83e28c0bec948bad3706d862749a90,2024-12-22T21:15:16.600000 -CVE-2024-56312,1,1,b3ff8a8f9068c3a156742e12a6bc627bc59e105684871a4faad004e80a37c8af,2024-12-22T22:15:05.630000 -CVE-2024-56313,1,1,bab8100491ae46d1acfcde4c0f557fb02ee2d8f1cf2ffae579d4a3928d2f1703,2024-12-22T22:15:06.540000 -CVE-2024-56314,1,1,5c94b3924b2872303b1ac6d2c357e874b9bf8bb914ff58119e06c5cd125443ca,2024-12-22T22:15:06.670000 +CVE-2024-56310,0,0,fd778eb590d1fbb32130fffba54ed545129192edf10e26cf3a21b5e6459b501d,2024-12-22T21:15:16.433000 +CVE-2024-56311,0,0,e2eae5ad5d224b6d2217bcfe83f7bd65df83e28c0bec948bad3706d862749a90,2024-12-22T21:15:16.600000 +CVE-2024-56312,0,0,b3ff8a8f9068c3a156742e12a6bc627bc59e105684871a4faad004e80a37c8af,2024-12-22T22:15:05.630000 +CVE-2024-56313,0,0,bab8100491ae46d1acfcde4c0f557fb02ee2d8f1cf2ffae579d4a3928d2f1703,2024-12-22T22:15:06.540000 +CVE-2024-56314,0,0,5c94b3924b2872303b1ac6d2c357e874b9bf8bb914ff58119e06c5cd125443ca,2024-12-22T22:15:06.670000 CVE-2024-56317,0,0,b4a1e923d734c9748bfefb232cd94998c16ae77377149acd2e40ce01c1c90af8,2024-12-18T23:15:18.023000 CVE-2024-56318,0,0,41fe9d7571c5ddeaf622da00eaaa1951e3cb55078c3acd81346bfd3e36464d15,2024-12-19T00:15:06.897000 CVE-2024-56319,0,0,2db5aea7f2e2c0716ff3ae059d9992998ac87c8ff6e8b34fca05f1a112cb61c5,2024-12-18T23:15:18.373000 @@ -270859,6 +270861,8 @@ CVE-2024-56358,0,0,a5242b1488bc185e31d245df23f8cd112af7bc1ad520eb610922e4932f3aa CVE-2024-56359,0,0,57fb0eb3210037d0725af8cb3d5a41f7619e854b3139ae13f78a6461042373b7,2024-12-20T21:15:10.880000 CVE-2024-5636,0,0,be674ee7db367fbb27ae45f825fa3b6cac855c767643bde3f8b1378da8ddb51a,2024-11-21T09:48:03.883000 CVE-2024-5637,0,0,a5e32b0dfdcc3b00fa1c534a6efa8caef39b80f083f1c956c246ad8a83c6df00,2024-11-21T09:48:04.030000 +CVE-2024-56375,1,1,2a34ccceff495c37ae84092fe8c0ad283727cd545575a5f30821495b0c5dc2ed,2024-12-22T23:15:06.613000 +CVE-2024-56378,1,1,6719f8ca56230694a59bc1f5e75e3ab9feb822f8501e080a6c8cff7081436ef7,2024-12-23T00:15:05.133000 CVE-2024-5638,0,0,4a64496852c4ee147220588b5d1940917ce749a1b3dd56d16a77a8cf3ed54b84,2024-11-21T09:48:04.153000 CVE-2024-5639,0,0,78123d59d6ff1062d5cdcc1456c84b89eb240e57bd822aee818d4edc5bb804e5,2024-11-21T09:48:04.290000 CVE-2024-5640,0,0,01c62801966d56f9308a985efd017779bd36dfe950ad675d920936fb65a56c1f,2024-11-21T09:48:04.440000