Auto-Update: 2025-03-19T05:00:19.656721+00:00

2025-06-21 17:41:05 +00:00 · 2025-03-19 05:03:51 +00:00 · 2025-03-19 05:03:51 +00:00 · e43f358c28
commit e43f358c28
parent b9a39487c4
4 changed files with 126 additions and 15 deletions
--- a/CVE-2024/CVE-2024-104xx/CVE-2024-10442.json
+++ b/CVE-2024/CVE-2024-104xx/CVE-2024-10442.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-10442",
+  "sourceIdentifier": "security@synology.com",
+  "published": "2025-03-19T03:15:11.790",
+  "lastModified": "2025-03-19T03:15:11.790",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@synology.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+          "baseScore": 10.0,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@synology.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-193"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_22",
+      "source": "security@synology.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-111xx/CVE-2024-11131.json
+++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11131.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-11131",
+  "sourceIdentifier": "security@synology.com",
+  "published": "2025-03-19T03:15:12.850",
+  "lastModified": "2025-03-19T03:15:12.850",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@synology.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@synology.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_24",
+      "source": "security@synology.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-03-19T03:00:19.985873+00:00
+2025-03-19T05:00:19.656721+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-03-19T02:15:28.413000+00:00
+2025-03-19T03:15:12.850000+00:00
 ```

 ### Last Data Feed Release
@ -33,24 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-285643
+285645
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `2`

- [CVE-2024-10441](CVE-2024/CVE-2024-104xx/CVE-2024-10441.json) (`2025-03-19T02:15:27.120`)
- [CVE-2024-10444](CVE-2024/CVE-2024-104xx/CVE-2024-10444.json) (`2025-03-19T02:15:28.297`)
- [CVE-2024-10445](CVE-2024/CVE-2024-104xx/CVE-2024-10445.json) (`2025-03-19T02:15:28.413`)
+- [CVE-2024-10442](CVE-2024/CVE-2024-104xx/CVE-2024-10442.json) (`2025-03-19T03:15:11.790`)
+- [CVE-2024-11131](CVE-2024/CVE-2024-111xx/CVE-2024-11131.json) (`2025-03-19T03:15:12.850`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `2`
+Recently modified CVEs: `0`

- [CVE-2025-24472](CVE-2025/CVE-2025-244xx/CVE-2025-24472.json) (`2025-03-19T01:00:02.197`)
- [CVE-2025-30066](CVE-2025/CVE-2025-300xx/CVE-2025-30066.json) (`2025-03-19T01:00:02.197`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -244737,10 +244737,11 @@ CVE-2024-10438,0,0,9ced19709ace1d6bfb86b8de1801377c2112b016d1dc92ec0264f2bb581a3
 CVE-2024-10439,0,0,dff63217c69fae9244806d074600acaa18035b339be2a233d07b224cb66e4434,2024-10-31T00:35:36.173000
 CVE-2024-1044,0,0,afe542ab3d14120a4dc6f87d2e56310efaf4c6644bbb29e84c8a93856ebe6be3,2025-02-05T14:39:38.177000
 CVE-2024-10440,0,0,28edfb6b2838e0c83bba465fa859f9eabfcf16c21fbb114f33945ddeeeda5c34,2024-10-31T00:34:23.870000
-CVE-2024-10441,1,1,f9459fc93ad7f853efc6a55dd35ca2befa0935413738d6b5165cded59f9ed640,2025-03-19T02:15:27.120000
+CVE-2024-10441,0,0,f9459fc93ad7f853efc6a55dd35ca2befa0935413738d6b5165cded59f9ed640,2025-03-19T02:15:27.120000
+CVE-2024-10442,1,1,e70304607e1a9fcff67a7d0da96dd66a959139b41dd01258f3a99b5d3ca40002,2025-03-19T03:15:11.790000
 CVE-2024-10443,0,0,9a248fde514219a3f9853f6d0a6319c7fe25a6f75bf2697069d2e08ef9a76558,2025-01-14T19:29:55.853000
-CVE-2024-10444,1,1,1c5145ef8af107fe13950f2b19576a35cd6ac8c804342d4235202a1f865c009b,2025-03-19T02:15:28.297000
-CVE-2024-10445,1,1,b6c0251e2e2f4d1a3dcbdc3cae299ba4826fd0744c4f3821ed0432b008a2f258,2025-03-19T02:15:28.413000
+CVE-2024-10444,0,0,1c5145ef8af107fe13950f2b19576a35cd6ac8c804342d4235202a1f865c009b,2025-03-19T02:15:28.297000
+CVE-2024-10445,0,0,b6c0251e2e2f4d1a3dcbdc3cae299ba4826fd0744c4f3821ed0432b008a2f258,2025-03-19T02:15:28.413000
 CVE-2024-10446,0,0,3d25a165556e0fad6d8407d42b9edffae95ba1513463aa6427887274dcd60e3e,2024-11-01T16:39:25.890000
 CVE-2024-10447,0,0,1aabb36338a0fb4db4a2b1a8bcc54889f8acb58ed831d08462413a477f5f50d0,2024-10-31T01:23:46.300000
 CVE-2024-10448,0,0,30527750f046c9cbebeef89666183ad8cc7981e5e7641fb5f3c0c165f52e1c10,2024-11-01T18:26:55.980000
@ -245370,6 +245371,7 @@ CVE-2024-11127,0,0,8ab8a7a02ec26c5b2661934596816ed78bd98367b1f4c52ffc4a58bf6fa51
 CVE-2024-11128,0,0,3daf53c78cf58dd1f31203728c75baa1e7b77755676f9f011daf94fe4d0761b7,2025-02-11T21:38:28.860000
 CVE-2024-1113,0,0,90572d47b15d75a1b5b46414b43b02fcca134882a5755a9a69a3d4ba79038a2d,2024-11-21T08:49:49.557000
 CVE-2024-11130,0,0,cf5ea4272974c91c76344000d998fe4730aaf36f216ea2c15de856330a45b0d3,2024-11-15T17:57:53.270000
+CVE-2024-11131,1,1,887e88f1011bcc13dcb37acca982bfc37969fb4ab81906836f5058e79dbfc747,2025-03-19T03:15:12.850000
 CVE-2024-11132,0,0,feeaf2e7e2e82e0878a79be4b56fd76a12cf4d245c7c3b190b813b392fcbd961,2025-03-05T19:25:22.087000
 CVE-2024-11133,0,0,303e9becf34f489bb74b3f178e52cbdead1fcd42fc3bc65ffd28fc2c4e8594de,2025-03-04T16:38:32.573000
 CVE-2024-11134,0,0,089169c177e677a380789df17eed101521b8b80a85cc2eaa375e39ac59d1ba6b,2025-03-04T16:32:22.030000
@ -284085,7 +284087,7 @@ CVE-2025-24459,0,0,257e6112464c1679ae0abd32e184bcf8f361e1385cb92f80002e53f6e2f87
 CVE-2025-24460,0,0,4f72eb3be22e4f1df5ebc3a0bd9e4b0215891e7379b9cb7c39c53c2299ad1aa4,2025-01-30T21:25:18.337000
 CVE-2025-24461,0,0,25f37a551c58c38f8a12f7c46f3328964394f6bf5bab9d552ab0758339b513f4,2025-01-30T21:26:17.583000
 CVE-2025-24470,0,0,b97a6fef4b5505dee945d637a8774d8a3a426e3a9c38ffd15f57405368d61eb7,2025-02-11T17:15:34.730000
-CVE-2025-24472,0,1,641ea3edd7e8143f53e28350922db1d41ad10babf1ffbfe914be7a323461b20d,2025-03-19T01:00:02.197000
+CVE-2025-24472,0,0,641ea3edd7e8143f53e28350922db1d41ad10babf1ffbfe914be7a323461b20d,2025-03-19T01:00:02.197000
 CVE-2025-24478,0,0,0083a83ce8a7467bd79ed623e875ec78bf3adca87990be9aea0e893fa7d8e9bc,2025-01-28T19:15:14.777000
 CVE-2025-24479,0,0,d732ba51a4f6efc84c8321c89024e480fd7d3b488cb555f37500d77679d00e07,2025-01-28T19:15:14.910000
 CVE-2025-24480,0,0,8c69070e4602e3e045b6de7421f305082c0b32c33d67076e7034c529b969d532,2025-01-28T19:15:15.033000
@ -285617,7 +285619,7 @@ CVE-2025-29996,0,0,5a028c0824c2542a10ce116c608912fe4301f96b5ba2d38f7cdf305f3c126
 CVE-2025-29997,0,0,c91a3ed6edd1bd6100eee0c75a281e2a7672ecbd486c58c8341dc417d8ca6a68,2025-03-13T12:15:14.127000
 CVE-2025-29998,0,0,f3a82be3b9ce90965eef31dd3d04a06fbca5fc5f31b02ac26305664f3f7de5cb,2025-03-13T12:15:14.277000
 CVE-2025-30022,0,0,2bbf4fa055fd725723d405bb131a4cfd34b9f8909da4fc3e54c5f19c6cbb00ed,2025-03-14T03:15:45.257000
-CVE-2025-30066,0,1,78630075a1877126cba2bacd11288a8c7e25a9d9bcc408e5a6b55555ffd37d76,2025-03-19T01:00:02.197000
+CVE-2025-30066,0,0,78630075a1877126cba2bacd11288a8c7e25a9d9bcc408e5a6b55555ffd37d76,2025-03-19T01:00:02.197000
 CVE-2025-30074,0,0,5d0dfb842ba5d24afb134fe0eb5f7e2e10f0c5619590d2c6aaa9483b4a17999a,2025-03-16T03:15:39.117000
 CVE-2025-30076,0,0,ae70a6cce406a05e108d38c82fa058b5f2fc46a32f1bafe789b6ecdef84b3c03,2025-03-17T16:15:28.220000
 CVE-2025-30077,0,0,3552a491790a6839d39471705d681d0b56a0da48a2daaa633f419312864c12e5,2025-03-17T16:15:28.360000