mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2024-12-30T13:00:19.085676+00:00
This commit is contained in:
cad-safe-bot
parent
a81e5713ea
commit
d60c1644d0
56
CVE-2024/CVE-2024-100xx/CVE-2024-10044.json
Normal file
56
CVE-2024/CVE-2024-100xx/CVE-2024-10044.json
Normal file
@ -0,0 +1,56 @@
|
||||
{
|
||||
"id": "CVE-2024-10044",
|
||||
"sourceIdentifier": "security@huntr.dev",
|
||||
"published": "2024-12-30T12:15:05.990",
|
||||
"lastModified": "2024-12-30T12:15:05.990",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV30": [
|
||||
{
|
||||
"source": "security@huntr.dev",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.0",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
|
||||
"baseScore": 9.3,
|
||||
"baseSeverity": "CRITICAL",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 4.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security@huntr.dev",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-918"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://huntr.com/bounties/44633540-377d-4ac4-b3a3-c2d0fa19d0e6",
|
||||
"source": "security@huntr.dev"
|
||||
}
|
||||
]
|
||||
}
|
||||
82
CVE-2024/CVE-2024-129xx/CVE-2024-12993.json
Normal file
82
CVE-2024/CVE-2024-129xx/CVE-2024-12993.json
Normal file
@ -0,0 +1,82 @@
|
||||
{
|
||||
"id": "CVE-2024-12993",
|
||||
"sourceIdentifier": "cvd@cert.pl",
|
||||
"published": "2024-12-30T11:15:06.100",
|
||||
"lastModified": "2024-12-30T11:15:06.100",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Infinix devices contain a pre-loaded \"com.rlk.weathers\" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user\u2019s location without any privileges.\u00a0\nAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV40": [
|
||||
{
|
||||
"source": "cvd@cert.pl",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "4.0",
|
||||
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
|
||||
"baseScore": 4.8,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"attackRequirements": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "PASSIVE",
|
||||
"vulnerableSystemConfidentiality": "LOW",
|
||||
"vulnerableSystemIntegrity": "NONE",
|
||||
"vulnerableSystemAvailability": "NONE",
|
||||
"subsequentSystemConfidentiality": "NONE",
|
||||
"subsequentSystemIntegrity": "NONE",
|
||||
"subsequentSystemAvailability": "NONE",
|
||||
"exploitMaturity": "NOT_DEFINED",
|
||||
"confidentialityRequirements": "NOT_DEFINED",
|
||||
"integrityRequirements": "NOT_DEFINED",
|
||||
"availabilityRequirements": "NOT_DEFINED",
|
||||
"modifiedAttackVector": "NOT_DEFINED",
|
||||
"modifiedAttackComplexity": "NOT_DEFINED",
|
||||
"modifiedAttackRequirements": "NOT_DEFINED",
|
||||
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
||||
"modifiedUserInteraction": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
|
||||
"safety": "NOT_DEFINED",
|
||||
"automatable": "NOT_DEFINED",
|
||||
"recovery": "NOT_DEFINED",
|
||||
"valueDensity": "NOT_DEFINED",
|
||||
"vulnerabilityResponseEffort": "NOT_DEFINED",
|
||||
"providerUrgency": "NOT_DEFINED"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cvd@cert.pl",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-497"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://cert.pl/en/posts/2024/12/CVE-2024-12993/",
|
||||
"source": "cvd@cert.pl"
|
||||
},
|
||||
{
|
||||
"url": "https://cert.pl/posts/2024/12/CVE-2024-12993/",
|
||||
"source": "cvd@cert.pl"
|
||||
}
|
||||
]
|
||||
}
|
||||
21
README.md
21
README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2024-12-30T11:00:19.328332+00:00
|
||||
2024-12-30T13:00:19.085676+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2024-12-30T10:15:07.380000+00:00
|
||||
2024-12-30T12:15:05.990000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -33,24 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
275166
|
||||
275168
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `11`
|
||||
Recently added CVEs: `2`
|
||||
|
||||
- [CVE-2024-22063](CVE-2024/CVE-2024-220xx/CVE-2024-22063.json) (`2024-12-30T10:15:05.867`)
|
||||
- [CVE-2024-47917](CVE-2024/CVE-2024-479xx/CVE-2024-47917.json) (`2024-12-30T10:15:06.067`)
|
||||
- [CVE-2024-47918](CVE-2024/CVE-2024-479xx/CVE-2024-47918.json) (`2024-12-30T10:15:06.223`)
|
||||
- [CVE-2024-47919](CVE-2024/CVE-2024-479xx/CVE-2024-47919.json) (`2024-12-30T10:15:06.377`)
|
||||
- [CVE-2024-47920](CVE-2024/CVE-2024-479xx/CVE-2024-47920.json) (`2024-12-30T10:15:06.510`)
|
||||
- [CVE-2024-47921](CVE-2024/CVE-2024-479xx/CVE-2024-47921.json) (`2024-12-30T10:15:06.643`)
|
||||
- [CVE-2024-47922](CVE-2024/CVE-2024-479xx/CVE-2024-47922.json) (`2024-12-30T10:15:06.790`)
|
||||
- [CVE-2024-47923](CVE-2024/CVE-2024-479xx/CVE-2024-47923.json) (`2024-12-30T10:15:06.947`)
|
||||
- [CVE-2024-47924](CVE-2024/CVE-2024-479xx/CVE-2024-47924.json) (`2024-12-30T10:15:07.090`)
|
||||
- [CVE-2024-47925](CVE-2024/CVE-2024-479xx/CVE-2024-47925.json) (`2024-12-30T10:15:07.233`)
|
||||
- [CVE-2024-47926](CVE-2024/CVE-2024-479xx/CVE-2024-47926.json) (`2024-12-30T10:15:07.380`)
|
||||
- [CVE-2024-10044](CVE-2024/CVE-2024-100xx/CVE-2024-10044.json) (`2024-12-30T12:15:05.990`)
|
||||
- [CVE-2024-12993](CVE-2024/CVE-2024-129xx/CVE-2024-12993.json) (`2024-12-30T11:15:06.100`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
24
_state.csv
24
_state.csv
@ -243127,6 +243127,7 @@ CVE-2024-1004,0,0,7b6f5b47804b16387719a9bf9a5f5e1230f32238a62387586392ff4de375b2
|
||||
CVE-2024-10040,0,0,f83eb1bf0d191e6ff28c64987d9d925532ba47fbade95b4f2582be8beaa243b5,2024-11-01T18:26:23.450000
|
||||
CVE-2024-10041,0,0,4bdc31a40e5b93be22916fa013287a5d9490b3f328b8823606b1e70cc7cff0d3,2024-12-18T10:15:05.850000
|
||||
CVE-2024-10043,0,0,15debe6a05b2854b66ec2962b60af0c6901f10ade93dabb43ab1785dfa9941db,2024-12-12T12:15:21.330000
|
||||
CVE-2024-10044,1,1,0ca02f4d7a4f59ac995ae285b97ec41d1cc544cb8cf86c1ce9ec7abbeb480665,2024-12-30T12:15:05.990000
|
||||
CVE-2024-10045,0,0,856fc9a539db9327702f3141fe8cd970de60cdb7e18125e39405eb0d41f31999,2024-10-25T18:52:30.337000
|
||||
CVE-2024-10046,0,0,affe8ae08e1550f00dfad8d5468ae3e6fc09f4637e56fab36b963f0a53463c60,2024-12-07T02:15:17.543000
|
||||
CVE-2024-10048,0,0,ecbd52d9f528e72b1a462b39f0bdabc3e6386a862771af6a7927a393730bf0a7,2024-10-29T14:34:04.427000
|
||||
@ -245226,6 +245227,7 @@ CVE-2024-12989,0,0,2bcfe5274c1815d529b34a7951b77a117c72887b42dca93dbd01b232b34b8
|
||||
CVE-2024-1299,0,0,c7f245e662ec35ddd87c48ae29ff03e74531f9ba7973bf15293ed4e82f111599,2024-12-11T20:23:27.497000
|
||||
CVE-2024-12990,0,0,cd13539234dc45b1ae5b61de3417fbc4797286ff3555d2fd58c56a1cd92c5e09,2024-12-27T19:15:08.453000
|
||||
CVE-2024-12991,0,0,54019e7b68d73f0344785492f9b9bbce20bb2cbc7c842265bed7d16db9555f29,2024-12-27T20:15:22.140000
|
||||
CVE-2024-12993,1,1,910a602005bae480e806baf71fa523b366d32e2550689b36d8358f1b0b3353b7,2024-12-30T11:15:06.100000
|
||||
CVE-2024-12994,0,0,acc1f74e8195a57c518abcf58a5f0f074ad6c841f18f8ac330ccbd51f6b8910d,2024-12-28T13:15:18.173000
|
||||
CVE-2024-12995,0,0,a13870c434ee7e911d0d59c4b1c35ebf0baba5277938deaea1b15c6cff4125c4,2024-12-28T14:15:22.507000
|
||||
CVE-2024-12998,0,0,eef23b70aa8365e2a841b6d551504892346dc69bac5cd92a662f6e9a2e81cb84,2024-12-28T22:15:16.893000
|
||||
@ -247715,7 +247717,7 @@ CVE-2024-2206,0,0,5cd23aee739a1ecf37ee5d3e204017ea16f7e42bf349d33e84a18d1c299546
|
||||
CVE-2024-22060,0,0,ed9ba15c4f298a42f28462f758b92465c987f6953d9ba6f5dbcd801f1adca5dc,2024-11-21T08:55:28.887000
|
||||
CVE-2024-22061,0,0,4e49e7ee2ac0573d3a15781d9f6f6ecd7315900601a66368e5ff6a2c6b1140a1,2024-11-21T08:55:29.030000
|
||||
CVE-2024-22062,0,0,5e3fbf901447836256112216e65128d54acccd14efc4bf8ec50b4b4ed373b2b8,2024-11-21T08:55:29.160000
|
||||
CVE-2024-22063,1,1,6f1c66b38245eb857d5c8d19df16a9c63ae63b60c6af8775abaf08cf522262a4,2024-12-30T10:15:05.867000
|
||||
CVE-2024-22063,0,0,6f1c66b38245eb857d5c8d19df16a9c63ae63b60c6af8775abaf08cf522262a4,2024-12-30T10:15:05.867000
|
||||
CVE-2024-22064,0,0,7a159daab9aa6e5774f98aa77b2c2b9cdb3b6481d807f30d09492dd701bec0f0,2024-11-21T08:55:29.303000
|
||||
CVE-2024-22065,0,0,dae613817a61208717b3a5a276d9f130cc902f700d6c4ff0f2f65e14039fa1e6,2024-10-29T14:34:04.427000
|
||||
CVE-2024-22066,0,0,70d4e3985898c8aa9a39f7f36b8d64c8bac198bd9861f8715ebb57132067fd4b,2024-11-08T14:31:32.933000
|
||||
@ -266546,17 +266548,17 @@ CVE-2024-47913,0,0,e92bf0427b7adf27cd04fdc5a8d79fe11a83f28afaf9984e9a926a62921ec
|
||||
CVE-2024-47914,0,0,d45aeab404253ce96cfa100c7ced4195a1c3af09497362e0f731698d9e730204,2024-11-15T13:58:08.913000
|
||||
CVE-2024-47915,0,0,9a22be8027040fe480da003180194741f42a15279e6f925652bfe19345653927,2024-11-15T13:58:08.913000
|
||||
CVE-2024-47916,0,0,33932b79d79c6af0ee005a6e7fc2e2bb088bcfe0a7b5481ded4f6ce2add3e31c,2024-11-15T13:58:08.913000
|
||||
CVE-2024-47917,1,1,ccd14eff317aa42bba00c35ed918e3f14a5d4c0169d8eda3d5380bb16133a2af,2024-12-30T10:15:06.067000
|
||||
CVE-2024-47918,1,1,1fbab71b0ee65e01cf75268f2564ce36aa66d7743c675a26cb86775470b5c4df,2024-12-30T10:15:06.223000
|
||||
CVE-2024-47919,1,1,cb85f979dd6e9e652a98eab43b86fa7e2382c163c7d63ff14e4c4379c93f61ef,2024-12-30T10:15:06.377000
|
||||
CVE-2024-47917,0,0,ccd14eff317aa42bba00c35ed918e3f14a5d4c0169d8eda3d5380bb16133a2af,2024-12-30T10:15:06.067000
|
||||
CVE-2024-47918,0,0,1fbab71b0ee65e01cf75268f2564ce36aa66d7743c675a26cb86775470b5c4df,2024-12-30T10:15:06.223000
|
||||
CVE-2024-47919,0,0,cb85f979dd6e9e652a98eab43b86fa7e2382c163c7d63ff14e4c4379c93f61ef,2024-12-30T10:15:06.377000
|
||||
CVE-2024-4792,0,0,fa6e5afe18217f009cd2de1100fb67a7f283ef61d98ff61cdde102013614a3ef,2024-11-21T09:43:37.300000
|
||||
CVE-2024-47920,1,1,90dd3556d7354a94036f4ed56d6807839cc1e6af4b50774f9ba72413cf8e179b,2024-12-30T10:15:06.510000
|
||||
CVE-2024-47921,1,1,bee75beb03a497cb6d89f1de43a2711eff6e1d557d5e0222c260a8dd217eb86f,2024-12-30T10:15:06.643000
|
||||
CVE-2024-47922,1,1,3ba1ec5f08dbf7c9f1a5073b6a431e5af57fab07790c17b5f01633e2237bdf51,2024-12-30T10:15:06.790000
|
||||
CVE-2024-47923,1,1,cd35189467ba66d2897baaec1cc91f427222522d5f70b421011f349f07065f84,2024-12-30T10:15:06.947000
|
||||
CVE-2024-47924,1,1,aab3c5d3b70e22f20cf28c021d2e57a3abd4a30be19951e62efabf8285dfb9f8,2024-12-30T10:15:07.090000
|
||||
CVE-2024-47925,1,1,58c7de5cfe904d70c55522ad3f8a275ebbafa3086c96318a84bb533c4bd1d5bc,2024-12-30T10:15:07.233000
|
||||
CVE-2024-47926,1,1,515a12d94be2af0f63a4f9cfe590dcc83e95251f6865c8e54a1dcf87d9ec9ca1,2024-12-30T10:15:07.380000
|
||||
CVE-2024-47920,0,0,90dd3556d7354a94036f4ed56d6807839cc1e6af4b50774f9ba72413cf8e179b,2024-12-30T10:15:06.510000
|
||||
CVE-2024-47921,0,0,bee75beb03a497cb6d89f1de43a2711eff6e1d557d5e0222c260a8dd217eb86f,2024-12-30T10:15:06.643000
|
||||
CVE-2024-47922,0,0,3ba1ec5f08dbf7c9f1a5073b6a431e5af57fab07790c17b5f01633e2237bdf51,2024-12-30T10:15:06.790000
|
||||
CVE-2024-47923,0,0,cd35189467ba66d2897baaec1cc91f427222522d5f70b421011f349f07065f84,2024-12-30T10:15:06.947000
|
||||
CVE-2024-47924,0,0,aab3c5d3b70e22f20cf28c021d2e57a3abd4a30be19951e62efabf8285dfb9f8,2024-12-30T10:15:07.090000
|
||||
CVE-2024-47925,0,0,58c7de5cfe904d70c55522ad3f8a275ebbafa3086c96318a84bb533c4bd1d5bc,2024-12-30T10:15:07.233000
|
||||
CVE-2024-47926,0,0,515a12d94be2af0f63a4f9cfe590dcc83e95251f6865c8e54a1dcf87d9ec9ca1,2024-12-30T10:15:07.380000
|
||||
CVE-2024-4793,0,0,a6ca6dc2e5c47daa16d59954e19a82bf00c36bb6db82d6b1c1e23c1f1df319c1,2024-11-21T09:43:37.463000
|
||||
CVE-2024-47939,0,0,56807ff489784cf4fadb2e00da7b797597c1ced2e2c98f8bd3c06e8fe447a672,2024-11-01T12:57:03.417000
|
||||
CVE-2024-4794,0,0,c8bbe767ad72c9235212e11271c46c761e04d6a9b46861dabd15f61ddf88f000,2024-11-21T09:43:37.600000
|
||||
|
||||
|
Can't render this file because it is too large.
|
Loading…
x
Reference in New Issue
Block a user