diff --git a/CVE-2020/CVE-2020-124xx/CVE-2020-12484.json b/CVE-2020/CVE-2020-124xx/CVE-2020-12484.json new file mode 100644 index 00000000000..e8fb219fc45 --- /dev/null +++ b/CVE-2020/CVE-2020-124xx/CVE-2020-12484.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2020-12484", + "sourceIdentifier": "security@vivo.com", + "published": "2024-12-17T03:15:05.613", + "lastModified": "2024-12-17T03:15:05.613", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vivo.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@vivo.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://www.vivo.com/en/support/security-advisory-detail?id=3", + "source": "security@vivo.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-124xx/CVE-2020-12487.json b/CVE-2020/CVE-2020-124xx/CVE-2020-12487.json new file mode 100644 index 00000000000..a825256d7b5 --- /dev/null +++ b/CVE-2020/CVE-2020-124xx/CVE-2020-12487.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2020-12487", + "sourceIdentifier": "security@vivo.com", + "published": "2024-12-17T03:15:06.453", + "lastModified": "2024-12-17T03:15:06.453", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vivo.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security@vivo.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://www.vivo.com/en/support/security-advisory-detail?id=4", + "source": "security@vivo.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-262xx/CVE-2021-26278.json b/CVE-2021/CVE-2021-262xx/CVE-2021-26278.json new file mode 100644 index 00000000000..0276869403c --- /dev/null +++ b/CVE-2021/CVE-2021-262xx/CVE-2021-26278.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-26278", + "sourceIdentifier": "security@vivo.com", + "published": "2024-12-17T03:15:06.573", + "lastModified": "2024-12-17T03:15:06.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vivo.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@vivo.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://www.vivo.com/en/support/security-advisory-detail?id=7", + "source": "security@vivo.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-262xx/CVE-2021-26279.json b/CVE-2021/CVE-2021-262xx/CVE-2021-26279.json new file mode 100644 index 00000000000..e78bb590659 --- /dev/null +++ b/CVE-2021/CVE-2021-262xx/CVE-2021-26279.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-26279", + "sourceIdentifier": "security@vivo.com", + "published": "2024-12-17T04:15:05.333", + "lastModified": "2024-12-17T04:15:05.333", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Some parameters of the weather module are improperly stored, leaking some sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vivo.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.5, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@vivo.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://www.vivo.com/en/support/security-advisory-detail?id=10", + "source": "security@vivo.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12239.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12239.json new file mode 100644 index 00000000000..f0f4ae1b2a1 --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12239.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12239", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-17T03:15:06.710", + "lastModified": "2024-12-17T03:15:06.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/powerpack-addon-for-beaver-builder/trunk/includes/admin-settings-templates.php#L62", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5138ed4c-3e9c-45da-917e-e8d8396a62f1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c7e53f084bd..3334cef5e03 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-17T03:00:29.987705+00:00 +2024-12-17T05:00:31.582484+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-17T02:15:04.670000+00:00 +2024-12-17T04:15:05.333000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -274096 +274101 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `5` -- [CVE-2024-10205](CVE-2024/CVE-2024-102xx/CVE-2024-10205.json) (`2024-12-17T02:15:04.670`) +- [CVE-2020-12484](CVE-2020/CVE-2020-124xx/CVE-2020-12484.json) (`2024-12-17T03:15:05.613`) +- [CVE-2020-12487](CVE-2020/CVE-2020-124xx/CVE-2020-12487.json) (`2024-12-17T03:15:06.453`) +- [CVE-2021-26278](CVE-2021/CVE-2021-262xx/CVE-2021-26278.json) (`2024-12-17T03:15:06.573`) +- [CVE-2021-26279](CVE-2021/CVE-2021-262xx/CVE-2021-26279.json) (`2024-12-17T04:15:05.333`) +- [CVE-2024-12239](CVE-2024/CVE-2024-122xx/CVE-2024-12239.json) (`2024-12-17T03:15:06.710`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -- [CVE-2024-20767](CVE-2024/CVE-2024-207xx/CVE-2024-20767.json) (`2024-12-17T02:00:02.077`) -- [CVE-2024-35250](CVE-2024/CVE-2024-352xx/CVE-2024-35250.json) (`2024-12-17T02:00:02.077`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 6d23be1223b..7791285b0ae 100644 --- a/_state.csv +++ b/_state.csv @@ -147523,7 +147523,9 @@ CVE-2020-12479,0,0,ec17c17b09e976e1a152c643e3819d31c36aa7665a5a00e913db3e872553d CVE-2020-1248,0,0,13846caf4ce8e83ae09b68ddfc0a09f0e2c8b82eb7c11fce8ac89777e4b28958,2024-11-21T05:10:04.680000 CVE-2020-12480,0,0,0eb005b3147816e6714e49902149bb9b5f1f1e4f7114cad3e2c62d80cd30989b,2024-11-21T04:59:47.240000 CVE-2020-12483,0,0,077f89965a271291848319a5ac990a75c110e11b7bca84d208ce8c4f40ff051f,2024-11-21T04:59:47.377000 +CVE-2020-12484,1,1,cabcdf4c18d0aeced1f122124c5e71c0ee429091bf81927dc9e3b8f3c7396d45,2024-12-17T03:15:05.613000 CVE-2020-12485,0,0,34d81bb19b71d2eb23361fb1f271047b4813b2499e1cb998e4798b107710317c,2024-11-21T04:59:47.523000 +CVE-2020-12487,1,1,c82fc8bbd8e4396cdabebc006a1dbee8bd281d5be94f199f90a1f512290eb4cb,2024-12-17T03:15:06.453000 CVE-2020-12488,0,0,aa5f4d3af768dd7a35ad93f0603aebf70b7c10f6792c470bb94ed94e60611a16,2024-11-21T04:59:47.660000 CVE-2020-1249,0,0,ee0dd0717eadfbf0e10875ab0544a1bfd1f22d694690d411785027304662d187,2024-11-21T05:10:04.813000 CVE-2020-12491,0,0,f0ca1d801193be292260dc60337caae3590167cf6284edefb2b1d11a8df2c5e3,2024-11-25T10:15:04.983000 @@ -171951,6 +171953,8 @@ CVE-2021-26274,0,0,197895f44e1ae2d83cc6d85c4c4212de83f3ab926cbedcc348730f67e6324 CVE-2021-26275,0,0,c67a46870365f376d673abcd812dcccefaea6dc5f29b65664d2310b910034002,2024-11-21T05:56:01.397000 CVE-2021-26276,0,0,fe12842147a3d9597cc53ff3b852150c687cc9cccbec63feeda8fb67ff2b9400,2024-11-21T05:56:01.557000 CVE-2021-26277,0,0,0a521d9773294b67632bbd79404a9f6d2a97acd1eb8e9f9a8038e5d2b475c2ca,2024-11-21T05:56:01.737000 +CVE-2021-26278,1,1,55407bd13a095819f1504458cc6585abdb858e5fd2879472762489a613345e4f,2024-12-17T03:15:06.573000 +CVE-2021-26279,1,1,9dd09a10896aa30f87886cca9f28cc67fa690cc104e533c9343e07e9982338fb,2024-12-17T04:15:05.333000 CVE-2021-26291,0,0,a04873286f43d02ade91ec647e4cbb9371cd14cf2599798866ce37ea0cdaa411,2024-11-21T05:56:01.890000 CVE-2021-26293,0,0,c750cb4d2f6ab1250e05b92eab3115686dad6da9115e076093b7972b18076f46,2024-11-21T05:56:02.120000 CVE-2021-26294,0,0,c601a19fe6c9ddea2dedc80c3da8fb3ff5a80b9d3af720fefe2ace690f633037,2024-11-21T05:56:02.270000 @@ -243179,7 +243183,7 @@ CVE-2024-10201,0,0,d28f8397fef58d8ebbc3ab5219a78ce309df9376e42404e5bb217ebab8ee8 CVE-2024-10202,0,0,e24b6f6c53e1e294cbc144ab84950b92d8732523af1d88b225f6757a45ec2cd3,2024-10-24T13:55:46.110000 CVE-2024-10203,0,0,c44f09c095e5f43bcaf05ddbccb708d70c961ded60a3f26c0a4aedf8833eb1d7,2024-11-08T19:01:03.880000 CVE-2024-10204,0,0,c1aef3d759e33911bc7bc0be9dac4b362c17b81fcf2e1e72015f81b94fc1ab9d,2024-11-19T21:57:32.967000 -CVE-2024-10205,1,1,b66f885e8cef7783311250f8a7eeaff136b6049ef5ec7ec57aa1b3b7bf63badd,2024-12-17T02:15:04.670000 +CVE-2024-10205,0,0,b66f885e8cef7783311250f8a7eeaff136b6049ef5ec7ec57aa1b3b7bf63badd,2024-12-17T02:15:04.670000 CVE-2024-1021,0,0,56f2f9eee79bdc92dbb448a3c95eee6b8f89b4e054d4b7192e1d1c62db78aeca,2024-11-21T08:49:37.003000 CVE-2024-10214,0,0,467db0fceb73548b6a7ebc4075348a74b9e7e348b74ad43d9d19dc1d995ea230,2024-11-05T17:03:22.953000 CVE-2024-10216,0,0,3b33d4ace8102c37cd94e685981da92ecdd510dbca3a990bc771780d9758061a,2024-11-23T04:15:07.523000 @@ -244658,6 +244662,7 @@ CVE-2024-12233,0,0,d89c9263a4f22f201b1dce8be51578aec307181a11a72f57d5d6a093a5589 CVE-2024-12234,0,0,25d3aa7d45ccf0539b66121de3bcd155bbef1f8925f8aad4f69521eed8a998f2,2024-12-10T23:25:36.387000 CVE-2024-12235,0,0,92689efaa37165c78224efb1efe409523be7fb3f3558d4576511504eb96aac91,2024-12-05T18:15:21.660000 CVE-2024-12236,0,0,390d11985338138a2913d618c1818ae388b2b2c32249174c40691687eabfe343,2024-12-10T15:15:07.147000 +CVE-2024-12239,1,1,7e14d3325d4b147176649ece8dc2b0064f40f6c3be58ca9c730b210c8ac8ed58,2024-12-17T03:15:06.710000 CVE-2024-1224,0,0,cbfbaa5b4f0e1c410530412d727d5bf58dfe126bd3d740f330bf5c6e93a0658e,2024-11-21T08:50:05.487000 CVE-2024-12247,0,0,ad117a7da5529073984608210b9ebf0c8357341e47d0f7a47c01f4275cf4ac25,2024-12-05T16:15:25.243000 CVE-2024-1225,0,0,1335eabc5dc5752fbd7f31a11bdeda2f1be9be2c21abaca809140eabb8940f2a,2024-11-21T08:50:05.673000 @@ -246105,7 +246110,7 @@ CVE-2024-20763,0,0,85e3d365bd8f70bb83e697510efbc0c1af98cc029e70ebe9045e9cb8471b8 CVE-2024-20764,0,0,a080d634ce17b8cdbb85357fca6cda5d794fe7d9539aa4c5f46ce35e5c1cac27,2024-12-04T15:15:25.463000 CVE-2024-20765,0,0,40964bb8beca999330ba180c774b93466f325f8731cc914b7b9cd58d9c2d050c,2024-11-21T08:53:06.653000 CVE-2024-20766,0,0,95ac04a20504881d574a50944d27c002096349013c0a37ca7842a8653794b342,2024-12-05T15:18:04.873000 -CVE-2024-20767,0,1,ae66121e62e6acd691604b5a21c1e50b45baacd384bdb97fe32d5d6340bf6c84,2024-12-17T02:00:02.077000 +CVE-2024-20767,0,0,ae66121e62e6acd691604b5a21c1e50b45baacd384bdb97fe32d5d6340bf6c84,2024-12-17T02:00:02.077000 CVE-2024-20768,0,0,5cfbec6f58ac0ddaff40efa6f7a3cd9811b930452273e0862a7b84351ebbd04e,2024-12-03T21:46:08.623000 CVE-2024-20769,0,0,6f13dc6481e3cb8cd025c6fbd6c6e0274141093e081dce88926d28d6a572c19b,2024-11-21T08:53:07.133000 CVE-2024-2077,0,0,d186f54d9f8a90379d391459b9a5cb9d8307f4f1713a18aa8bf99e9d56318c5c,2024-12-09T22:39:42.837000 @@ -257004,7 +257009,7 @@ CVE-2024-35247,0,0,dda0cd3411fcd13059f9606bedd08c571900aa945b233a955dbeca9ed9ce9 CVE-2024-35248,0,0,7c3ed5cb016eeae24ebeb7d52be404adf38788725c5e83b5d27391e0dc1d9bf7,2024-11-21T09:20:00.980000 CVE-2024-35249,0,0,302b7c8906e51cdc971703773787e3153a88d65789ad0641a56c6ae0bd42570d,2024-11-21T09:20:01.130000 CVE-2024-3525,0,0,8b2c6a8c265bd120a4ae62349e50b9dc4f071348306abdc8eba422a9675a5ff1,2024-11-21T09:29:46.930000 -CVE-2024-35250,0,1,ce6a53f3c0a8dfa3764b939943deaf8e7659c0859ad9a03dafbf3ef57b7b7d43,2024-12-17T02:00:02.077000 +CVE-2024-35250,0,0,ce6a53f3c0a8dfa3764b939943deaf8e7659c0859ad9a03dafbf3ef57b7b7d43,2024-12-17T02:00:02.077000 CVE-2024-35252,0,0,0f8cf4ca91d191378f3442941d01f34b6bf05c200f0024f0bb3474e02f2e50d7,2024-11-21T09:20:01.453000 CVE-2024-35253,0,0,bee685c773d8375872a8fd41de235ce0377b714b15d51115236139dd0a8b700c,2024-11-21T09:20:01.607000 CVE-2024-35254,0,0,0973352a78955e1008d161d71b8515ce181d81658087521aabcddd672b8cbfcc,2024-11-21T09:20:01.750000