From d60c1644d06746f41b23e5b7828db5a3db1f0300 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 30 Dec 2024 13:03:43 +0000
Subject: [PATCH] Auto-Update: 2024-12-30T13:00:19.085676+00:00
---
CVE-2024/CVE-2024-100xx/CVE-2024-10044.json | 56 ++++++++++++++
CVE-2024/CVE-2024-129xx/CVE-2024-12993.json | 82 +++++++++++++++++++++
README.md | 21 ++----
_state.csv | 24 +++---
4 files changed, 157 insertions(+), 26 deletions(-)
create mode 100644 CVE-2024/CVE-2024-100xx/CVE-2024-10044.json
create mode 100644 CVE-2024/CVE-2024-129xx/CVE-2024-12993.json
diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10044.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10044.json
new file mode 100644
index 00000000000..faeef8759af
--- /dev/null
+++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10044.json
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-10044", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-12-30T12:15:05.990", + "lastModified": "2024-12-30T12:15:05.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/44633540-377d-4ac4-b3a3-c2d0fa19d0e6", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-129xx/CVE-2024-12993.json b/CVE-2024/CVE-2024-129xx/CVE-2024-12993.json new file mode 100644 index 00000000000..57cd7ac339f --- /dev/null +++ b/CVE-2024/CVE-2024-129xx/CVE-2024-12993.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-12993", + "sourceIdentifier": "cvd@cert.pl", + "published": "2024-12-30T11:15:06.100", + "lastModified": "2024-12-30T11:15:06.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Infinix devices contain a pre-loaded \"com.rlk.weathers\" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user\u2019s location without any privileges.\u00a0\nAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-497" + } + ] + } + ], + "references": [ + { + "url": "https://cert.pl/en/posts/2024/12/CVE-2024-12993/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/posts/2024/12/CVE-2024-12993/", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 1a11fac0e2c..78eb521de82 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-30T11:00:19.328332+00:00 +2024-12-30T13:00:19.085676+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-30T10:15:07.380000+00:00 +2024-12-30T12:15:05.990000+00:00 ``` ### Last Data Feed Release 
@@ -33,24 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -275166 +275168 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `2` -- [CVE-2024-22063](CVE-2024/CVE-2024-220xx/CVE-2024-22063.json) (`2024-12-30T10:15:05.867`) -- [CVE-2024-47917](CVE-2024/CVE-2024-479xx/CVE-2024-47917.json) (`2024-12-30T10:15:06.067`) -- [CVE-2024-47918](CVE-2024/CVE-2024-479xx/CVE-2024-47918.json) (`2024-12-30T10:15:06.223`) -- [CVE-2024-47919](CVE-2024/CVE-2024-479xx/CVE-2024-47919.json) (`2024-12-30T10:15:06.377`) -- [CVE-2024-47920](CVE-2024/CVE-2024-479xx/CVE-2024-47920.json) (`2024-12-30T10:15:06.510`) -- [CVE-2024-47921](CVE-2024/CVE-2024-479xx/CVE-2024-47921.json) (`2024-12-30T10:15:06.643`) -- [CVE-2024-47922](CVE-2024/CVE-2024-479xx/CVE-2024-47922.json) (`2024-12-30T10:15:06.790`) -- [CVE-2024-47923](CVE-2024/CVE-2024-479xx/CVE-2024-47923.json) (`2024-12-30T10:15:06.947`) -- [CVE-2024-47924](CVE-2024/CVE-2024-479xx/CVE-2024-47924.json) (`2024-12-30T10:15:07.090`) -- [CVE-2024-47925](CVE-2024/CVE-2024-479xx/CVE-2024-47925.json) (`2024-12-30T10:15:07.233`) -- [CVE-2024-47926](CVE-2024/CVE-2024-479xx/CVE-2024-47926.json) (`2024-12-30T10:15:07.380`) +- [CVE-2024-10044](CVE-2024/CVE-2024-100xx/CVE-2024-10044.json) (`2024-12-30T12:15:05.990`) +- [CVE-2024-12993](CVE-2024/CVE-2024-129xx/CVE-2024-12993.json) (`2024-12-30T11:15:06.100`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index e389938eb64..d09652f3582 100644 --- a/_state.csv +++ b/_state.csv 
@@ -243127,6 +243127,7 @@ CVE-2024-1004,0,0,7b6f5b47804b16387719a9bf9a5f5e1230f32238a62387586392ff4de375b2 CVE-2024-10040,0,0,f83eb1bf0d191e6ff28c64987d9d925532ba47fbade95b4f2582be8beaa243b5,2024-11-01T18:26:23.450000 CVE-2024-10041,0,0,4bdc31a40e5b93be22916fa013287a5d9490b3f328b8823606b1e70cc7cff0d3,2024-12-18T10:15:05.850000 CVE-2024-10043,0,0,15debe6a05b2854b66ec2962b60af0c6901f10ade93dabb43ab1785dfa9941db,2024-12-12T12:15:21.330000 +CVE-2024-10044,1,1,0ca02f4d7a4f59ac995ae285b97ec41d1cc544cb8cf86c1ce9ec7abbeb480665,2024-12-30T12:15:05.990000 CVE-2024-10045,0,0,856fc9a539db9327702f3141fe8cd970de60cdb7e18125e39405eb0d41f31999,2024-10-25T18:52:30.337000 CVE-2024-10046,0,0,affe8ae08e1550f00dfad8d5468ae3e6fc09f4637e56fab36b963f0a53463c60,2024-12-07T02:15:17.543000 CVE-2024-10048,0,0,ecbd52d9f528e72b1a462b39f0bdabc3e6386a862771af6a7927a393730bf0a7,2024-10-29T14:34:04.427000 @@ -245226,6 +245227,7 @@ CVE-2024-12989,0,0,2bcfe5274c1815d529b34a7951b77a117c72887b42dca93dbd01b232b34b8 CVE-2024-1299,0,0,c7f245e662ec35ddd87c48ae29ff03e74531f9ba7973bf15293ed4e82f111599,2024-12-11T20:23:27.497000 CVE-2024-12990,0,0,cd13539234dc45b1ae5b61de3417fbc4797286ff3555d2fd58c56a1cd92c5e09,2024-12-27T19:15:08.453000 CVE-2024-12991,0,0,54019e7b68d73f0344785492f9b9bbce20bb2cbc7c842265bed7d16db9555f29,2024-12-27T20:15:22.140000 +CVE-2024-12993,1,1,910a602005bae480e806baf71fa523b366d32e2550689b36d8358f1b0b3353b7,2024-12-30T11:15:06.100000 CVE-2024-12994,0,0,acc1f74e8195a57c518abcf58a5f0f074ad6c841f18f8ac330ccbd51f6b8910d,2024-12-28T13:15:18.173000 CVE-2024-12995,0,0,a13870c434ee7e911d0d59c4b1c35ebf0baba5277938deaea1b15c6cff4125c4,2024-12-28T14:15:22.507000 CVE-2024-12998,0,0,eef23b70aa8365e2a841b6d551504892346dc69bac5cd92a662f6e9a2e81cb84,2024-12-28T22:15:16.893000 
@@ -247715,7 +247717,7 @@ CVE-2024-2206,0,0,5cd23aee739a1ecf37ee5d3e204017ea16f7e42bf349d33e84a18d1c299546 CVE-2024-22060,0,0,ed9ba15c4f298a42f28462f758b92465c987f6953d9ba6f5dbcd801f1adca5dc,2024-11-21T08:55:28.887000 CVE-2024-22061,0,0,4e49e7ee2ac0573d3a15781d9f6f6ecd7315900601a66368e5ff6a2c6b1140a1,2024-11-21T08:55:29.030000 CVE-2024-22062,0,0,5e3fbf901447836256112216e65128d54acccd14efc4bf8ec50b4b4ed373b2b8,2024-11-21T08:55:29.160000 -CVE-2024-22063,1,1,6f1c66b38245eb857d5c8d19df16a9c63ae63b60c6af8775abaf08cf522262a4,2024-12-30T10:15:05.867000 +CVE-2024-22063,0,0,6f1c66b38245eb857d5c8d19df16a9c63ae63b60c6af8775abaf08cf522262a4,2024-12-30T10:15:05.867000 CVE-2024-22064,0,0,7a159daab9aa6e5774f98aa77b2c2b9cdb3b6481d807f30d09492dd701bec0f0,2024-11-21T08:55:29.303000 CVE-2024-22065,0,0,dae613817a61208717b3a5a276d9f130cc902f700d6c4ff0f2f65e14039fa1e6,2024-10-29T14:34:04.427000 CVE-2024-22066,0,0,70d4e3985898c8aa9a39f7f36b8d64c8bac198bd9861f8715ebb57132067fd4b,2024-11-08T14:31:32.933000 
@@ -266546,17 +266548,17 @@ CVE-2024-47913,0,0,e92bf0427b7adf27cd04fdc5a8d79fe11a83f28afaf9984e9a926a62921ec CVE-2024-47914,0,0,d45aeab404253ce96cfa100c7ced4195a1c3af09497362e0f731698d9e730204,2024-11-15T13:58:08.913000 CVE-2024-47915,0,0,9a22be8027040fe480da003180194741f42a15279e6f925652bfe19345653927,2024-11-15T13:58:08.913000 CVE-2024-47916,0,0,33932b79d79c6af0ee005a6e7fc2e2bb088bcfe0a7b5481ded4f6ce2add3e31c,2024-11-15T13:58:08.913000 -CVE-2024-47917,1,1,ccd14eff317aa42bba00c35ed918e3f14a5d4c0169d8eda3d5380bb16133a2af,2024-12-30T10:15:06.067000 -CVE-2024-47918,1,1,1fbab71b0ee65e01cf75268f2564ce36aa66d7743c675a26cb86775470b5c4df,2024-12-30T10:15:06.223000 -CVE-2024-47919,1,1,cb85f979dd6e9e652a98eab43b86fa7e2382c163c7d63ff14e4c4379c93f61ef,2024-12-30T10:15:06.377000 +CVE-2024-47917,0,0,ccd14eff317aa42bba00c35ed918e3f14a5d4c0169d8eda3d5380bb16133a2af,2024-12-30T10:15:06.067000 +CVE-2024-47918,0,0,1fbab71b0ee65e01cf75268f2564ce36aa66d7743c675a26cb86775470b5c4df,2024-12-30T10:15:06.223000 +CVE-2024-47919,0,0,cb85f979dd6e9e652a98eab43b86fa7e2382c163c7d63ff14e4c4379c93f61ef,2024-12-30T10:15:06.377000 CVE-2024-4792,0,0,fa6e5afe18217f009cd2de1100fb67a7f283ef61d98ff61cdde102013614a3ef,2024-11-21T09:43:37.300000 -CVE-2024-47920,1,1,90dd3556d7354a94036f4ed56d6807839cc1e6af4b50774f9ba72413cf8e179b,2024-12-30T10:15:06.510000 -CVE-2024-47921,1,1,bee75beb03a497cb6d89f1de43a2711eff6e1d557d5e0222c260a8dd217eb86f,2024-12-30T10:15:06.643000 -CVE-2024-47922,1,1,3ba1ec5f08dbf7c9f1a5073b6a431e5af57fab07790c17b5f01633e2237bdf51,2024-12-30T10:15:06.790000 -CVE-2024-47923,1,1,cd35189467ba66d2897baaec1cc91f427222522d5f70b421011f349f07065f84,2024-12-30T10:15:06.947000 -CVE-2024-47924,1,1,aab3c5d3b70e22f20cf28c021d2e57a3abd4a30be19951e62efabf8285dfb9f8,2024-12-30T10:15:07.090000 -CVE-2024-47925,1,1,58c7de5cfe904d70c55522ad3f8a275ebbafa3086c96318a84bb533c4bd1d5bc,2024-12-30T10:15:07.233000 
-CVE-2024-47926,1,1,515a12d94be2af0f63a4f9cfe590dcc83e95251f6865c8e54a1dcf87d9ec9ca1,2024-12-30T10:15:07.380000 +CVE-2024-47920,0,0,90dd3556d7354a94036f4ed56d6807839cc1e6af4b50774f9ba72413cf8e179b,2024-12-30T10:15:06.510000 +CVE-2024-47921,0,0,bee75beb03a497cb6d89f1de43a2711eff6e1d557d5e0222c260a8dd217eb86f,2024-12-30T10:15:06.643000 +CVE-2024-47922,0,0,3ba1ec5f08dbf7c9f1a5073b6a431e5af57fab07790c17b5f01633e2237bdf51,2024-12-30T10:15:06.790000 +CVE-2024-47923,0,0,cd35189467ba66d2897baaec1cc91f427222522d5f70b421011f349f07065f84,2024-12-30T10:15:06.947000 +CVE-2024-47924,0,0,aab3c5d3b70e22f20cf28c021d2e57a3abd4a30be19951e62efabf8285dfb9f8,2024-12-30T10:15:07.090000 +CVE-2024-47925,0,0,58c7de5cfe904d70c55522ad3f8a275ebbafa3086c96318a84bb533c4bd1d5bc,2024-12-30T10:15:07.233000 +CVE-2024-47926,0,0,515a12d94be2af0f63a4f9cfe590dcc83e95251f6865c8e54a1dcf87d9ec9ca1,2024-12-30T10:15:07.380000 CVE-2024-4793,0,0,a6ca6dc2e5c47daa16d59954e19a82bf00c36bb6db82d6b1c1e23c1f1df319c1,2024-11-21T09:43:37.463000 CVE-2024-47939,0,0,56807ff489784cf4fadb2e00da7b797597c1ced2e2c98f8bd3c06e8fe447a672,2024-11-01T12:57:03.417000 CVE-2024-4794,0,0,c8bbe767ad72c9235212e11271c46c761e04d6a9b46861dabd15f61ddf88f000,2024-11-21T09:43:37.600000