Auto-Update: 2024-12-30T13:00:19.085676+00:00

cad-safe-bot 2024-12-30 13:03:43 +00:00
parent a81e5713ea
commit d60c1644d0
4 changed files with 157 additions and 26 deletions

@ -0,0 +1,56 @@
{
"id": "CVE-2024-10044",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-12-30T12:15:05.990",
"lastModified": "2024-12-30T12:15:05.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/44633540-377d-4ac4-b3a3-c2d0fa19d0e6",
"source": "security@huntr.dev"
}
]
}

@ -0,0 +1,82 @@
{
"id": "CVE-2024-12993",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-12-30T11:15:06.100",
"lastModified": "2024-12-30T11:15:06.100",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Infinix devices contain a pre-loaded \"com.rlk.weathers\" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user\u2019s location without any privileges.\u00a0\nAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-497"
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/12/CVE-2024-12993/",
"source": "cvd@cert.pl"
},
{
"url": "https://cert.pl/posts/2024/12/CVE-2024-12993/",
"source": "cvd@cert.pl"
}
]
}

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-12-30T11:00:19.328332+00:00
2024-12-30T13:00:19.085676+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-12-30T10:15:07.380000+00:00
2024-12-30T12:15:05.990000+00:00
```
### Last Data Feed Release
@ -33,24 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
275166
275168
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `2`
- [CVE-2024-22063](CVE-2024/CVE-2024-220xx/CVE-2024-22063.json) (`2024-12-30T10:15:05.867`)
- [CVE-2024-47917](CVE-2024/CVE-2024-479xx/CVE-2024-47917.json) (`2024-12-30T10:15:06.067`)
- [CVE-2024-47918](CVE-2024/CVE-2024-479xx/CVE-2024-47918.json) (`2024-12-30T10:15:06.223`)
- [CVE-2024-47919](CVE-2024/CVE-2024-479xx/CVE-2024-47919.json) (`2024-12-30T10:15:06.377`)
- [CVE-2024-47920](CVE-2024/CVE-2024-479xx/CVE-2024-47920.json) (`2024-12-30T10:15:06.510`)
- [CVE-2024-47921](CVE-2024/CVE-2024-479xx/CVE-2024-47921.json) (`2024-12-30T10:15:06.643`)
- [CVE-2024-47922](CVE-2024/CVE-2024-479xx/CVE-2024-47922.json) (`2024-12-30T10:15:06.790`)
- [CVE-2024-47923](CVE-2024/CVE-2024-479xx/CVE-2024-47923.json) (`2024-12-30T10:15:06.947`)
- [CVE-2024-47924](CVE-2024/CVE-2024-479xx/CVE-2024-47924.json) (`2024-12-30T10:15:07.090`)
- [CVE-2024-47925](CVE-2024/CVE-2024-479xx/CVE-2024-47925.json) (`2024-12-30T10:15:07.233`)
- [CVE-2024-47926](CVE-2024/CVE-2024-479xx/CVE-2024-47926.json) (`2024-12-30T10:15:07.380`)
- [CVE-2024-10044](CVE-2024/CVE-2024-100xx/CVE-2024-10044.json) (`2024-12-30T12:15:05.990`)
- [CVE-2024-12993](CVE-2024/CVE-2024-129xx/CVE-2024-12993.json) (`2024-12-30T11:15:06.100`)
### CVEs modified in the last Commit

@ -243127,6 +243127,7 @@ CVE-2024-1004,0,0,7b6f5b47804b16387719a9bf9a5f5e1230f32238a62387586392ff4de375b2
CVE-2024-10040,0,0,f83eb1bf0d191e6ff28c64987d9d925532ba47fbade95b4f2582be8beaa243b5,2024-11-01T18:26:23.450000
CVE-2024-10041,0,0,4bdc31a40e5b93be22916fa013287a5d9490b3f328b8823606b1e70cc7cff0d3,2024-12-18T10:15:05.850000
CVE-2024-10043,0,0,15debe6a05b2854b66ec2962b60af0c6901f10ade93dabb43ab1785dfa9941db,2024-12-12T12:15:21.330000
CVE-2024-10044,1,1,0ca02f4d7a4f59ac995ae285b97ec41d1cc544cb8cf86c1ce9ec7abbeb480665,2024-12-30T12:15:05.990000
CVE-2024-10045,0,0,856fc9a539db9327702f3141fe8cd970de60cdb7e18125e39405eb0d41f31999,2024-10-25T18:52:30.337000
CVE-2024-10046,0,0,affe8ae08e1550f00dfad8d5468ae3e6fc09f4637e56fab36b963f0a53463c60,2024-12-07T02:15:17.543000
CVE-2024-10048,0,0,ecbd52d9f528e72b1a462b39f0bdabc3e6386a862771af6a7927a393730bf0a7,2024-10-29T14:34:04.427000
@ -245226,6 +245227,7 @@ CVE-2024-12989,0,0,2bcfe5274c1815d529b34a7951b77a117c72887b42dca93dbd01b232b34b8
CVE-2024-1299,0,0,c7f245e662ec35ddd87c48ae29ff03e74531f9ba7973bf15293ed4e82f111599,2024-12-11T20:23:27.497000
CVE-2024-12990,0,0,cd13539234dc45b1ae5b61de3417fbc4797286ff3555d2fd58c56a1cd92c5e09,2024-12-27T19:15:08.453000
CVE-2024-12991,0,0,54019e7b68d73f0344785492f9b9bbce20bb2cbc7c842265bed7d16db9555f29,2024-12-27T20:15:22.140000
CVE-2024-12993,1,1,910a602005bae480e806baf71fa523b366d32e2550689b36d8358f1b0b3353b7,2024-12-30T11:15:06.100000
CVE-2024-12994,0,0,acc1f74e8195a57c518abcf58a5f0f074ad6c841f18f8ac330ccbd51f6b8910d,2024-12-28T13:15:18.173000
CVE-2024-12995,0,0,a13870c434ee7e911d0d59c4b1c35ebf0baba5277938deaea1b15c6cff4125c4,2024-12-28T14:15:22.507000
CVE-2024-12998,0,0,eef23b70aa8365e2a841b6d551504892346dc69bac5cd92a662f6e9a2e81cb84,2024-12-28T22:15:16.893000
@ -247715,7 +247717,7 @@ CVE-2024-2206,0,0,5cd23aee739a1ecf37ee5d3e204017ea16f7e42bf349d33e84a18d1c299546
CVE-2024-22060,0,0,ed9ba15c4f298a42f28462f758b92465c987f6953d9ba6f5dbcd801f1adca5dc,2024-11-21T08:55:28.887000
CVE-2024-22061,0,0,4e49e7ee2ac0573d3a15781d9f6f6ecd7315900601a66368e5ff6a2c6b1140a1,2024-11-21T08:55:29.030000
CVE-2024-22062,0,0,5e3fbf901447836256112216e65128d54acccd14efc4bf8ec50b4b4ed373b2b8,2024-11-21T08:55:29.160000
CVE-2024-22063,1,1,6f1c66b38245eb857d5c8d19df16a9c63ae63b60c6af8775abaf08cf522262a4,2024-12-30T10:15:05.867000
CVE-2024-22063,0,0,6f1c66b38245eb857d5c8d19df16a9c63ae63b60c6af8775abaf08cf522262a4,2024-12-30T10:15:05.867000
CVE-2024-22064,0,0,7a159daab9aa6e5774f98aa77b2c2b9cdb3b6481d807f30d09492dd701bec0f0,2024-11-21T08:55:29.303000
CVE-2024-22065,0,0,dae613817a61208717b3a5a276d9f130cc902f700d6c4ff0f2f65e14039fa1e6,2024-10-29T14:34:04.427000
CVE-2024-22066,0,0,70d4e3985898c8aa9a39f7f36b8d64c8bac198bd9861f8715ebb57132067fd4b,2024-11-08T14:31:32.933000
@ -266546,17 +266548,17 @@ CVE-2024-47913,0,0,e92bf0427b7adf27cd04fdc5a8d79fe11a83f28afaf9984e9a926a62921ec
CVE-2024-47914,0,0,d45aeab404253ce96cfa100c7ced4195a1c3af09497362e0f731698d9e730204,2024-11-15T13:58:08.913000
CVE-2024-47915,0,0,9a22be8027040fe480da003180194741f42a15279e6f925652bfe19345653927,2024-11-15T13:58:08.913000
CVE-2024-47916,0,0,33932b79d79c6af0ee005a6e7fc2e2bb088bcfe0a7b5481ded4f6ce2add3e31c,2024-11-15T13:58:08.913000
CVE-2024-47917,1,1,ccd14eff317aa42bba00c35ed918e3f14a5d4c0169d8eda3d5380bb16133a2af,2024-12-30T10:15:06.067000
CVE-2024-47918,1,1,1fbab71b0ee65e01cf75268f2564ce36aa66d7743c675a26cb86775470b5c4df,2024-12-30T10:15:06.223000
CVE-2024-47919,1,1,cb85f979dd6e9e652a98eab43b86fa7e2382c163c7d63ff14e4c4379c93f61ef,2024-12-30T10:15:06.377000
CVE-2024-47917,0,0,ccd14eff317aa42bba00c35ed918e3f14a5d4c0169d8eda3d5380bb16133a2af,2024-12-30T10:15:06.067000
CVE-2024-47918,0,0,1fbab71b0ee65e01cf75268f2564ce36aa66d7743c675a26cb86775470b5c4df,2024-12-30T10:15:06.223000
CVE-2024-47919,0,0,cb85f979dd6e9e652a98eab43b86fa7e2382c163c7d63ff14e4c4379c93f61ef,2024-12-30T10:15:06.377000
CVE-2024-4792,0,0,fa6e5afe18217f009cd2de1100fb67a7f283ef61d98ff61cdde102013614a3ef,2024-11-21T09:43:37.300000
CVE-2024-47920,1,1,90dd3556d7354a94036f4ed56d6807839cc1e6af4b50774f9ba72413cf8e179b,2024-12-30T10:15:06.510000
CVE-2024-47921,1,1,bee75beb03a497cb6d89f1de43a2711eff6e1d557d5e0222c260a8dd217eb86f,2024-12-30T10:15:06.643000
CVE-2024-47922,1,1,3ba1ec5f08dbf7c9f1a5073b6a431e5af57fab07790c17b5f01633e2237bdf51,2024-12-30T10:15:06.790000
CVE-2024-47923,1,1,cd35189467ba66d2897baaec1cc91f427222522d5f70b421011f349f07065f84,2024-12-30T10:15:06.947000
CVE-2024-47924,1,1,aab3c5d3b70e22f20cf28c021d2e57a3abd4a30be19951e62efabf8285dfb9f8,2024-12-30T10:15:07.090000
CVE-2024-47925,1,1,58c7de5cfe904d70c55522ad3f8a275ebbafa3086c96318a84bb533c4bd1d5bc,2024-12-30T10:15:07.233000
CVE-2024-47926,1,1,515a12d94be2af0f63a4f9cfe590dcc83e95251f6865c8e54a1dcf87d9ec9ca1,2024-12-30T10:15:07.380000
CVE-2024-47920,0,0,90dd3556d7354a94036f4ed56d6807839cc1e6af4b50774f9ba72413cf8e179b,2024-12-30T10:15:06.510000
CVE-2024-47921,0,0,bee75beb03a497cb6d89f1de43a2711eff6e1d557d5e0222c260a8dd217eb86f,2024-12-30T10:15:06.643000
CVE-2024-47922,0,0,3ba1ec5f08dbf7c9f1a5073b6a431e5af57fab07790c17b5f01633e2237bdf51,2024-12-30T10:15:06.790000
CVE-2024-47923,0,0,cd35189467ba66d2897baaec1cc91f427222522d5f70b421011f349f07065f84,2024-12-30T10:15:06.947000
CVE-2024-47924,0,0,aab3c5d3b70e22f20cf28c021d2e57a3abd4a30be19951e62efabf8285dfb9f8,2024-12-30T10:15:07.090000
CVE-2024-47925,0,0,58c7de5cfe904d70c55522ad3f8a275ebbafa3086c96318a84bb533c4bd1d5bc,2024-12-30T10:15:07.233000
CVE-2024-47926,0,0,515a12d94be2af0f63a4f9cfe590dcc83e95251f6865c8e54a1dcf87d9ec9ca1,2024-12-30T10:15:07.380000
CVE-2024-4793,0,0,a6ca6dc2e5c47daa16d59954e19a82bf00c36bb6db82d6b1c1e23c1f1df319c1,2024-11-21T09:43:37.463000
CVE-2024-47939,0,0,56807ff489784cf4fadb2e00da7b797597c1ced2e2c98f8bd3c06e8fe447a672,2024-11-01T12:57:03.417000
CVE-2024-4794,0,0,c8bbe767ad72c9235212e11271c46c761e04d6a9b46861dabd15f61ddf88f000,2024-11-21T09:43:37.600000
