Auto-Update: 2024-12-17T09:00:47.315344+00:00

fkie-cad · Dec 17, 2024 · d848e4f · d848e4f
1 parent 69b5cd8
commit d848e4f
Show file tree

Hide file tree

Showing 8 changed files with 367 additions and 17 deletions.
diff --git a/CVE-2021/CVE-2021-262xx/CVE-2021-26280.json b/CVE-2021/CVE-2021-262xx/CVE-2021-26280.json
@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2021-26280",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-17T07:15:05.343",
+  "lastModified": "2024-12-17T07:15:05.343",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Locally installed application can bypass the permission check and perform system operations that require permission."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:H",
+          "baseScore": 7.9,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.5,
+        "impactScore": 5.8
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-306"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.vivo.com/en/support/security-advisory-detail?id=6",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2021/CVE-2021-262xx/CVE-2021-26281.json b/CVE-2021/CVE-2021-262xx/CVE-2021-26281.json
@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2021-26281",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-17T07:15:05.927",
+  "lastModified": "2024-12-17T07:15:05.927",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Some parameters of the alarm clock module are improperly stored, leaking some sensitive information."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.0,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.vivo.com/en/support/security-advisory-detail?id=9",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11999.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11999.json
@@ -0,0 +1,100 @@
+{
+  "id": "CVE-2024-11999",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-17T07:15:06.113",
+  "lastModified": "2024-12-17T07:15:06.113",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete\ncontrol of the device when an authenticated user installs malicious code into HMI product."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 8.7,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "HIGH",
+          "vulnerableSystemIntegrity": "HIGH",
+          "vulnerableSystemAvailability": "HIGH",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-1104"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-345-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-345-02.pdf",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12219.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12219.json
@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-12219",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-17T08:15:05.010",
+  "lastModified": "2024-12-17T08:15:05.010",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3206562/",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://wordpress.org/plugins/stop-registration-spam/#developers",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d5fb4ac-f86e-4b5e-ad4b-be19158ab745?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12220.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12220.json
@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-12220",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-17T08:15:05.393",
+  "lastModified": "2024-12-17T08:15:05.393",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3207316/",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://wordpress.org/plugins/wc-sms/#developers",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/35707e4e-ca67-43fe-b120-79101ef31155?source=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53080.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53080.json
@@ -2,8 +2,8 @@
   "id": "CVE-2024-53080",
   "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   "published": "2024-11-19T18:15:27.413",
-  "lastModified": "2024-11-27T16:57:47.947",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-12-17T08:15:05.573",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
@@ -114,6 +114,10 @@
       "tags": [
         "Patch"
       ]
+    },
+    {
+      "url": "https://project-zero.issues.chromium.org/issues/377500597",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
     }
   ]
 }