Auto-Update: 2024-12-30T13:00:19.085676+00:00

CVE-2024/CVE-2024-100xx/CVE-2024-10044.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-10044",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2024-12-30T12:15:05.990",
+  "lastModified": "2024-12-30T12:15:05.990",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
+          "baseScore": 9.3,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://huntr.com/bounties/44633540-377d-4ac4-b3a3-c2d0fa19d0e6",
+      "source": "security@huntr.dev"
+    }
+  ]
+}

CVE-2024/CVE-2024-129xx/CVE-2024-12993.json

@@ -0,0 +1,82 @@
+{
+  "id": "CVE-2024-12993",
+  "sourceIdentifier": "cvd@cert.pl",
+  "published": "2024-12-30T11:15:06.100",
+  "lastModified": "2024-12-30T11:15:06.100",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Infinix devices contain a pre-loaded \"com.rlk.weathers\" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user\u2019s location without any privileges.\u00a0\nAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cvd@cert.pl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "PASSIVE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "NONE",
+          "vulnerableSystemAvailability": "NONE",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cvd@cert.pl",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-497"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert.pl/en/posts/2024/12/CVE-2024-12993/",
+      "source": "cvd@cert.pl"
+    },
+    {
+      "url": "https://cert.pl/posts/2024/12/CVE-2024-12993/",
+      "source": "cvd@cert.pl"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-12-30T11:00:19.328332+00:00
+2024-12-30T13:00:19.085676+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-12-30T10:15:07.380000+00:00
+2024-12-30T12:15:05.990000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,24 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-275166
+275168
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `11`
+Recently added CVEs: `2`
 
-- [CVE-2024-22063](CVE-2024/CVE-2024-220xx/CVE-2024-22063.json) (`2024-12-30T10:15:05.867`)
+- [CVE-2024-10044](CVE-2024/CVE-2024-100xx/CVE-2024-10044.json) (`2024-12-30T12:15:05.990`)
-- [CVE-2024-47917](CVE-2024/CVE-2024-479xx/CVE-2024-47917.json) (`2024-12-30T10:15:06.067`)
+- [CVE-2024-12993](CVE-2024/CVE-2024-129xx/CVE-2024-12993.json) (`2024-12-30T11:15:06.100`)
-- [CVE-2024-47918](CVE-2024/CVE-2024-479xx/CVE-2024-47918.json) (`2024-12-30T10:15:06.223`)
-- [CVE-2024-47919](CVE-2024/CVE-2024-479xx/CVE-2024-47919.json) (`2024-12-30T10:15:06.377`)
-- [CVE-2024-47920](CVE-2024/CVE-2024-479xx/CVE-2024-47920.json) (`2024-12-30T10:15:06.510`)
-- [CVE-2024-47921](CVE-2024/CVE-2024-479xx/CVE-2024-47921.json) (`2024-12-30T10:15:06.643`)
-- [CVE-2024-47922](CVE-2024/CVE-2024-479xx/CVE-2024-47922.json) (`2024-12-30T10:15:06.790`)
-- [CVE-2024-47923](CVE-2024/CVE-2024-479xx/CVE-2024-47923.json) (`2024-12-30T10:15:06.947`)
-- [CVE-2024-47924](CVE-2024/CVE-2024-479xx/CVE-2024-47924.json) (`2024-12-30T10:15:07.090`)
-- [CVE-2024-47925](CVE-2024/CVE-2024-479xx/CVE-2024-47925.json) (`2024-12-30T10:15:07.233`)
-- [CVE-2024-47926](CVE-2024/CVE-2024-479xx/CVE-2024-47926.json) (`2024-12-30T10:15:07.380`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -243127,6 +243127,7 @@ CVE-2024-1004,0,0,7b6f5b47804b16387719a9bf9a5f5e1230f32238a62387586392ff4de375b2
 CVE-2024-10040,0,0,f83eb1bf0d191e6ff28c64987d9d925532ba47fbade95b4f2582be8beaa243b5,2024-11-01T18:26:23.450000
 CVE-2024-10041,0,0,4bdc31a40e5b93be22916fa013287a5d9490b3f328b8823606b1e70cc7cff0d3,2024-12-18T10:15:05.850000
 CVE-2024-10043,0,0,15debe6a05b2854b66ec2962b60af0c6901f10ade93dabb43ab1785dfa9941db,2024-12-12T12:15:21.330000
+CVE-2024-10044,1,1,0ca02f4d7a4f59ac995ae285b97ec41d1cc544cb8cf86c1ce9ec7abbeb480665,2024-12-30T12:15:05.990000
 CVE-2024-10045,0,0,856fc9a539db9327702f3141fe8cd970de60cdb7e18125e39405eb0d41f31999,2024-10-25T18:52:30.337000
 CVE-2024-10046,0,0,affe8ae08e1550f00dfad8d5468ae3e6fc09f4637e56fab36b963f0a53463c60,2024-12-07T02:15:17.543000
 CVE-2024-10048,0,0,ecbd52d9f528e72b1a462b39f0bdabc3e6386a862771af6a7927a393730bf0a7,2024-10-29T14:34:04.427000
@@ -245226,6 +245227,7 @@ CVE-2024-12989,0,0,2bcfe5274c1815d529b34a7951b77a117c72887b42dca93dbd01b232b34b8
 CVE-2024-1299,0,0,c7f245e662ec35ddd87c48ae29ff03e74531f9ba7973bf15293ed4e82f111599,2024-12-11T20:23:27.497000
 CVE-2024-12990,0,0,cd13539234dc45b1ae5b61de3417fbc4797286ff3555d2fd58c56a1cd92c5e09,2024-12-27T19:15:08.453000
 CVE-2024-12991,0,0,54019e7b68d73f0344785492f9b9bbce20bb2cbc7c842265bed7d16db9555f29,2024-12-27T20:15:22.140000
+CVE-2024-12993,1,1,910a602005bae480e806baf71fa523b366d32e2550689b36d8358f1b0b3353b7,2024-12-30T11:15:06.100000
 CVE-2024-12994,0,0,acc1f74e8195a57c518abcf58a5f0f074ad6c841f18f8ac330ccbd51f6b8910d,2024-12-28T13:15:18.173000
 CVE-2024-12995,0,0,a13870c434ee7e911d0d59c4b1c35ebf0baba5277938deaea1b15c6cff4125c4,2024-12-28T14:15:22.507000
 CVE-2024-12998,0,0,eef23b70aa8365e2a841b6d551504892346dc69bac5cd92a662f6e9a2e81cb84,2024-12-28T22:15:16.893000
@@ -247715,7 +247717,7 @@ CVE-2024-2206,0,0,5cd23aee739a1ecf37ee5d3e204017ea16f7e42bf349d33e84a18d1c299546
 CVE-2024-22060,0,0,ed9ba15c4f298a42f28462f758b92465c987f6953d9ba6f5dbcd801f1adca5dc,2024-11-21T08:55:28.887000
 CVE-2024-22061,0,0,4e49e7ee2ac0573d3a15781d9f6f6ecd7315900601a66368e5ff6a2c6b1140a1,2024-11-21T08:55:29.030000
 CVE-2024-22062,0,0,5e3fbf901447836256112216e65128d54acccd14efc4bf8ec50b4b4ed373b2b8,2024-11-21T08:55:29.160000
-CVE-2024-22063,1,1,6f1c66b38245eb857d5c8d19df16a9c63ae63b60c6af8775abaf08cf522262a4,2024-12-30T10:15:05.867000
+CVE-2024-22063,0,0,6f1c66b38245eb857d5c8d19df16a9c63ae63b60c6af8775abaf08cf522262a4,2024-12-30T10:15:05.867000
 CVE-2024-22064,0,0,7a159daab9aa6e5774f98aa77b2c2b9cdb3b6481d807f30d09492dd701bec0f0,2024-11-21T08:55:29.303000
 CVE-2024-22065,0,0,dae613817a61208717b3a5a276d9f130cc902f700d6c4ff0f2f65e14039fa1e6,2024-10-29T14:34:04.427000
 CVE-2024-22066,0,0,70d4e3985898c8aa9a39f7f36b8d64c8bac198bd9861f8715ebb57132067fd4b,2024-11-08T14:31:32.933000
@@ -266546,17 +266548,17 @@ CVE-2024-47913,0,0,e92bf0427b7adf27cd04fdc5a8d79fe11a83f28afaf9984e9a926a62921ec
 CVE-2024-47914,0,0,d45aeab404253ce96cfa100c7ced4195a1c3af09497362e0f731698d9e730204,2024-11-15T13:58:08.913000
 CVE-2024-47915,0,0,9a22be8027040fe480da003180194741f42a15279e6f925652bfe19345653927,2024-11-15T13:58:08.913000
 CVE-2024-47916,0,0,33932b79d79c6af0ee005a6e7fc2e2bb088bcfe0a7b5481ded4f6ce2add3e31c,2024-11-15T13:58:08.913000
-CVE-2024-47917,1,1,ccd14eff317aa42bba00c35ed918e3f14a5d4c0169d8eda3d5380bb16133a2af,2024-12-30T10:15:06.067000
+CVE-2024-47917,0,0,ccd14eff317aa42bba00c35ed918e3f14a5d4c0169d8eda3d5380bb16133a2af,2024-12-30T10:15:06.067000
-CVE-2024-47918,1,1,1fbab71b0ee65e01cf75268f2564ce36aa66d7743c675a26cb86775470b5c4df,2024-12-30T10:15:06.223000
+CVE-2024-47918,0,0,1fbab71b0ee65e01cf75268f2564ce36aa66d7743c675a26cb86775470b5c4df,2024-12-30T10:15:06.223000
-CVE-2024-47919,1,1,cb85f979dd6e9e652a98eab43b86fa7e2382c163c7d63ff14e4c4379c93f61ef,2024-12-30T10:15:06.377000
+CVE-2024-47919,0,0,cb85f979dd6e9e652a98eab43b86fa7e2382c163c7d63ff14e4c4379c93f61ef,2024-12-30T10:15:06.377000
 CVE-2024-4792,0,0,fa6e5afe18217f009cd2de1100fb67a7f283ef61d98ff61cdde102013614a3ef,2024-11-21T09:43:37.300000
-CVE-2024-47920,1,1,90dd3556d7354a94036f4ed56d6807839cc1e6af4b50774f9ba72413cf8e179b,2024-12-30T10:15:06.510000
+CVE-2024-47920,0,0,90dd3556d7354a94036f4ed56d6807839cc1e6af4b50774f9ba72413cf8e179b,2024-12-30T10:15:06.510000
-CVE-2024-47921,1,1,bee75beb03a497cb6d89f1de43a2711eff6e1d557d5e0222c260a8dd217eb86f,2024-12-30T10:15:06.643000
+CVE-2024-47921,0,0,bee75beb03a497cb6d89f1de43a2711eff6e1d557d5e0222c260a8dd217eb86f,2024-12-30T10:15:06.643000
-CVE-2024-47922,1,1,3ba1ec5f08dbf7c9f1a5073b6a431e5af57fab07790c17b5f01633e2237bdf51,2024-12-30T10:15:06.790000
+CVE-2024-47922,0,0,3ba1ec5f08dbf7c9f1a5073b6a431e5af57fab07790c17b5f01633e2237bdf51,2024-12-30T10:15:06.790000
-CVE-2024-47923,1,1,cd35189467ba66d2897baaec1cc91f427222522d5f70b421011f349f07065f84,2024-12-30T10:15:06.947000
+CVE-2024-47923,0,0,cd35189467ba66d2897baaec1cc91f427222522d5f70b421011f349f07065f84,2024-12-30T10:15:06.947000
-CVE-2024-47924,1,1,aab3c5d3b70e22f20cf28c021d2e57a3abd4a30be19951e62efabf8285dfb9f8,2024-12-30T10:15:07.090000
+CVE-2024-47924,0,0,aab3c5d3b70e22f20cf28c021d2e57a3abd4a30be19951e62efabf8285dfb9f8,2024-12-30T10:15:07.090000
-CVE-2024-47925,1,1,58c7de5cfe904d70c55522ad3f8a275ebbafa3086c96318a84bb533c4bd1d5bc,2024-12-30T10:15:07.233000
+CVE-2024-47925,0,0,58c7de5cfe904d70c55522ad3f8a275ebbafa3086c96318a84bb533c4bd1d5bc,2024-12-30T10:15:07.233000
-CVE-2024-47926,1,1,515a12d94be2af0f63a4f9cfe590dcc83e95251f6865c8e54a1dcf87d9ec9ca1,2024-12-30T10:15:07.380000
+CVE-2024-47926,0,0,515a12d94be2af0f63a4f9cfe590dcc83e95251f6865c8e54a1dcf87d9ec9ca1,2024-12-30T10:15:07.380000
 CVE-2024-4793,0,0,a6ca6dc2e5c47daa16d59954e19a82bf00c36bb6db82d6b1c1e23c1f1df319c1,2024-11-21T09:43:37.463000
 CVE-2024-47939,0,0,56807ff489784cf4fadb2e00da7b797597c1ced2e2c98f8bd3c06e8fe447a672,2024-11-01T12:57:03.417000
 CVE-2024-4794,0,0,c8bbe767ad72c9235212e11271c46c761e04d6a9b46861dabd15f61ddf88f000,2024-11-21T09:43:37.600000