From 13e0fb1d1766de85d40baf5aa0449e841ad3ebc8 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 3 Feb 2025 05:03:48 +0000 Subject: [PATCH] Auto-Update: 2025-02-03T05:00:20.992398+00:00 --- CVE-2024/CVE-2024-201xx/CVE-2024-20141.json | 33 ++++++++++++ CVE-2024/CVE-2024-201xx/CVE-2024-20142.json | 33 ++++++++++++ CVE-2024/CVE-2024-201xx/CVE-2024-20147.json | 33 ++++++++++++ CVE-2025/CVE-2025-206xx/CVE-2025-20631.json | 33 ++++++++++++ CVE-2025/CVE-2025-206xx/CVE-2025-20632.json | 33 ++++++++++++ CVE-2025/CVE-2025-206xx/CVE-2025-20633.json | 33 ++++++++++++ CVE-2025/CVE-2025-206xx/CVE-2025-20634.json | 33 ++++++++++++ CVE-2025/CVE-2025-206xx/CVE-2025-20635.json | 33 ++++++++++++ CVE-2025/CVE-2025-206xx/CVE-2025-20636.json | 33 ++++++++++++ CVE-2025/CVE-2025-206xx/CVE-2025-20637.json | 33 ++++++++++++ CVE-2025/CVE-2025-206xx/CVE-2025-20638.json | 33 ++++++++++++ CVE-2025/CVE-2025-206xx/CVE-2025-20639.json | 33 ++++++++++++ CVE-2025/CVE-2025-206xx/CVE-2025-20640.json | 33 ++++++++++++ CVE-2025/CVE-2025-206xx/CVE-2025-20641.json | 33 ++++++++++++ CVE-2025/CVE-2025-206xx/CVE-2025-20642.json | 33 ++++++++++++ CVE-2025/CVE-2025-206xx/CVE-2025-20643.json | 33 ++++++++++++ CVE-2025/CVE-2025-250xx/CVE-2025-25062.json | 56 +++++++++++++++++++++ CVE-2025/CVE-2025-250xx/CVE-2025-25063.json | 56 +++++++++++++++++++++ README.md | 28 ++++++++--- _state.csv | 22 +++++++- 20 files changed, 682 insertions(+), 8 deletions(-) create mode 100644 CVE-2024/CVE-2024-201xx/CVE-2024-20141.json create mode 100644 CVE-2024/CVE-2024-201xx/CVE-2024-20142.json create mode 100644 CVE-2024/CVE-2024-201xx/CVE-2024-20147.json create mode 100644 CVE-2025/CVE-2025-206xx/CVE-2025-20631.json create mode 100644 CVE-2025/CVE-2025-206xx/CVE-2025-20632.json create mode 100644 CVE-2025/CVE-2025-206xx/CVE-2025-20633.json create mode 100644 CVE-2025/CVE-2025-206xx/CVE-2025-20634.json create mode 100644 CVE-2025/CVE-2025-206xx/CVE-2025-20635.json create mode 100644 CVE-2025/CVE-2025-206xx/CVE-2025-20636.json create mode 100644 CVE-2025/CVE-2025-206xx/CVE-2025-20637.json create mode 100644 CVE-2025/CVE-2025-206xx/CVE-2025-20638.json create mode 100644 CVE-2025/CVE-2025-206xx/CVE-2025-20639.json create mode 100644 CVE-2025/CVE-2025-206xx/CVE-2025-20640.json create mode 100644 CVE-2025/CVE-2025-206xx/CVE-2025-20641.json create mode 100644 CVE-2025/CVE-2025-206xx/CVE-2025-20642.json create mode 100644 CVE-2025/CVE-2025-206xx/CVE-2025-20643.json create mode 100644 CVE-2025/CVE-2025-250xx/CVE-2025-25062.json create mode 100644 CVE-2025/CVE-2025-250xx/CVE-2025-25063.json diff --git a/CVE-2024/CVE-2024-201xx/CVE-2024-20141.json b/CVE-2024/CVE-2024-201xx/CVE-2024-20141.json new file mode 100644 index 00000000000..a9263faeabe --- /dev/null +++ b/CVE-2024/CVE-2024-201xx/CVE-2024-20141.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-20141", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:07.660", + "lastModified": "2025-02-03T04:15:07.660", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-123" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-201xx/CVE-2024-20142.json b/CVE-2024/CVE-2024-201xx/CVE-2024-20142.json new file mode 100644 index 00000000000..0c99bb52da3 --- /dev/null +++ b/CVE-2024/CVE-2024-201xx/CVE-2024-20142.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-20142", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:07.803", + "lastModified": "2025-02-03T04:15:07.803", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-201xx/CVE-2024-20147.json b/CVE-2024/CVE-2024-201xx/CVE-2024-20147.json new file mode 100644 index 00000000000..eacfdc7cb43 --- /dev/null +++ b/CVE-2024/CVE-2024-201xx/CVE-2024-20147.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-20147", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:07.927", + "lastModified": "2025-02-03T04:15:07.927", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-617" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20631.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20631.json new file mode 100644 index 00000000000..2cd538a76ba --- /dev/null +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20631.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-20631", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:08.060", + "lastModified": "2025-02-03T04:15:08.060", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20632.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20632.json new file mode 100644 index 00000000000..55755430a40 --- /dev/null +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20632.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-20632", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:08.177", + "lastModified": "2025-02-03T04:15:08.177", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397139; Issue ID: MSV-2188." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20633.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20633.json new file mode 100644 index 00000000000..f13e93d6582 --- /dev/null +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20633.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-20633", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:08.307", + "lastModified": "2025-02-03T04:15:08.307", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00400889; Issue ID: MSV-2491." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20634.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20634.json new file mode 100644 index 00000000000..b1263435776 --- /dev/null +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20634.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-20634", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:08.423", + "lastModified": "2025-02-03T04:15:08.423", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20635.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20635.json new file mode 100644 index 00000000000..92ab72dda25 --- /dev/null +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20635.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-20635", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:08.540", + "lastModified": "2025-02-03T04:15:08.540", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20636.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20636.json new file mode 100644 index 00000000000..2b7f24c6bcc --- /dev/null +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20636.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-20636", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:08.643", + "lastModified": "2025-02-03T04:15:08.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20637.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20637.json new file mode 100644 index 00000000000..230e4127c6b --- /dev/null +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20637.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-20637", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:08.747", + "lastModified": "2025-02-03T04:15:08.747", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In network HW, there is a possible system hang due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00399035; Issue ID: MSV-2380." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-248" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20638.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20638.json new file mode 100644 index 00000000000..940c50969d1 --- /dev/null +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20638.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-20638", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:08.863", + "lastModified": "2025-02-03T04:15:08.863", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-457" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20639.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20639.json new file mode 100644 index 00000000000..8d59f845a21 --- /dev/null +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20639.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-20639", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:08.980", + "lastModified": "2025-02-03T04:15:08.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20640.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20640.json new file mode 100644 index 00000000000..8d853bcc6bc --- /dev/null +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20640.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-20640", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:09.093", + "lastModified": "2025-02-03T04:15:09.093", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20641.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20641.json new file mode 100644 index 00000000000..599bb3fc183 --- /dev/null +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20641.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-20641", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:09.210", + "lastModified": "2025-02-03T04:15:09.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20642.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20642.json new file mode 100644 index 00000000000..f26c2d0971e --- /dev/null +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20642.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-20642", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:09.333", + "lastModified": "2025-02-03T04:15:09.333", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2057." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20643.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20643.json new file mode 100644 index 00000000000..214eb61d5ad --- /dev/null +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20643.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-20643", + "sourceIdentifier": "security@mediatek.com", + "published": "2025-02-03T04:15:09.460", + "lastModified": "2025-02-03T04:15:09.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@mediatek.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1295" + } + ] + } + ], + "references": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2025", + "source": "security@mediatek.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-250xx/CVE-2025-25062.json b/CVE-2025/CVE-2025-250xx/CVE-2025-25062.json new file mode 100644 index 00000000000..56feb318366 --- /dev/null +++ b/CVE-2025/CVE-2025-250xx/CVE-2025-25062.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-25062", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-02-03T04:15:09.587", + "lastModified": "2025-02-03T04:15:09.587", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an administrator attempts to edit a piece of content. This vulnerability is mitigated by the fact that an attacker must have the ability to create long text content (such as through the node or comment forms) and an administrator must edit (not view) the content that contains the malicious content. This problem only exists when using the CKEditor 5 module." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://backdropcms.org/security/backdrop-sa-core-2025-001", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-250xx/CVE-2025-25063.json b/CVE-2025/CVE-2025-250xx/CVE-2025-25063.json new file mode 100644 index 00000000000..c1e00569875 --- /dev/null +++ b/CVE-2025/CVE-2025-250xx/CVE-2025-25063.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-25063", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-02-03T04:15:09.760", + "lastModified": "2025-02-03T04:15:09.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, it is possible to execute scripting in the browser when an SVG image is viewed. This issue is mitigated by the attacker needing to be able to upload SVG images, and that Backdrop embeds all uploaded SVG images within <img> tags, which prevents scripting from executing. The SVG must be viewed directly by its URL in order to run any embedded scripting." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://backdropcms.org/security/backdrop-sa-core-2025-002", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a17801e4e7b..2dd33c216a5 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-03T03:00:30.983419+00:00 +2025-02-03T05:00:20.992398+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-03T02:15:26.433000+00:00 +2025-02-03T04:15:09.760000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -279766 +279784 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `18` -- [CVE-2025-0973](CVE-2025/CVE-2025-09xx/CVE-2025-0973.json) (`2025-02-03T01:15:07.263`) -- [CVE-2025-0974](CVE-2025/CVE-2025-09xx/CVE-2025-0974.json) (`2025-02-03T02:15:26.433`) +- [CVE-2024-20141](CVE-2024/CVE-2024-201xx/CVE-2024-20141.json) (`2025-02-03T04:15:07.660`) +- [CVE-2024-20142](CVE-2024/CVE-2024-201xx/CVE-2024-20142.json) (`2025-02-03T04:15:07.803`) +- [CVE-2024-20147](CVE-2024/CVE-2024-201xx/CVE-2024-20147.json) (`2025-02-03T04:15:07.927`) +- [CVE-2025-20631](CVE-2025/CVE-2025-206xx/CVE-2025-20631.json) (`2025-02-03T04:15:08.060`) +- [CVE-2025-20632](CVE-2025/CVE-2025-206xx/CVE-2025-20632.json) (`2025-02-03T04:15:08.177`) +- [CVE-2025-20633](CVE-2025/CVE-2025-206xx/CVE-2025-20633.json) (`2025-02-03T04:15:08.307`) +- [CVE-2025-20634](CVE-2025/CVE-2025-206xx/CVE-2025-20634.json) (`2025-02-03T04:15:08.423`) +- [CVE-2025-20635](CVE-2025/CVE-2025-206xx/CVE-2025-20635.json) (`2025-02-03T04:15:08.540`) +- [CVE-2025-20636](CVE-2025/CVE-2025-206xx/CVE-2025-20636.json) (`2025-02-03T04:15:08.643`) +- [CVE-2025-20637](CVE-2025/CVE-2025-206xx/CVE-2025-20637.json) (`2025-02-03T04:15:08.747`) +- [CVE-2025-20638](CVE-2025/CVE-2025-206xx/CVE-2025-20638.json) (`2025-02-03T04:15:08.863`) +- [CVE-2025-20639](CVE-2025/CVE-2025-206xx/CVE-2025-20639.json) (`2025-02-03T04:15:08.980`) +- [CVE-2025-20640](CVE-2025/CVE-2025-206xx/CVE-2025-20640.json) (`2025-02-03T04:15:09.093`) +- [CVE-2025-20641](CVE-2025/CVE-2025-206xx/CVE-2025-20641.json) (`2025-02-03T04:15:09.210`) +- [CVE-2025-20642](CVE-2025/CVE-2025-206xx/CVE-2025-20642.json) (`2025-02-03T04:15:09.333`) +- [CVE-2025-20643](CVE-2025/CVE-2025-206xx/CVE-2025-20643.json) (`2025-02-03T04:15:09.460`) +- [CVE-2025-25062](CVE-2025/CVE-2025-250xx/CVE-2025-25062.json) (`2025-02-03T04:15:09.587`) +- [CVE-2025-25063](CVE-2025/CVE-2025-250xx/CVE-2025-25063.json) (`2025-02-03T04:15:09.760`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 86567d1f8b7..418396b7ce7 100644 --- a/_state.csv +++ b/_state.csv @@ -247153,10 +247153,13 @@ CVE-2024-20138,0,0,1264e7fcc71f95b0ae39f37ee36146e7c465bf599e4b07c736bd426b81382 CVE-2024-20139,0,0,434bf1878b4edcc6ee42c87512888b556d261e46d1cb8ef2e233401120fa701b,2024-12-02T16:15:08.770000 CVE-2024-2014,0,0,9c6b7427d7e4ecbb91bf5ac0c5393a05c9efb2a90a5cef1334b8ef37b43c6713,2024-11-21T09:08:48.813000 CVE-2024-20140,0,0,abdefdf55af9c04b39505134bb76fe7fc2020967809a7e6f1b53a61d701fa68a,2025-01-06T15:15:11.600000 +CVE-2024-20141,1,1,5b2f2d428a571a1af08b9320c2be4141e3be75af7164271fd2c591899d74a245,2025-02-03T04:15:07.660000 +CVE-2024-20142,1,1,831598bb30946d73008224fe25fa8bc2794b13ddcc03e0610009b8d7b2aaee0b,2025-02-03T04:15:07.803000 CVE-2024-20143,0,0,72741489c266087fa52a215cdc5a63a1e8e5c05ba33b72063739424e15100b6a,2025-01-06T15:15:11.753000 CVE-2024-20144,0,0,dd0bde2dc33084db00dc8205beac10e41605c84cd3041697ffc83cea5ab50ed6,2025-01-06T15:15:11.917000 CVE-2024-20145,0,0,7ec4c6219266146d3df0e44b77fa0208be1311c4948f11f0e37de5fe2f21e90f,2025-01-06T15:15:12.077000 CVE-2024-20146,0,0,b6bb48c380b3b8b9d3cfd85bd440a87f185fae663e0c8193340e8b9dd92f1503,2025-01-06T15:15:12.223000 +CVE-2024-20147,1,1,7e1d70cf04e3f68e1e29a72f138ba8cca90ce75e8f9ccb58424be8418393d622,2025-02-03T04:15:07.927000 CVE-2024-20148,0,0,020b2cd09e91f8beac0c9caedb7ae42dc4f322034d76d3f8252025922b8dcaa2,2025-01-06T15:15:12.387000 CVE-2024-20149,0,0,568ee02819888360cfcfe668f6e33aef2b41d5b7206273582d0fafdca3736f77,2025-01-06T15:15:12.523000 CVE-2024-2015,0,0,4b2b7166fa9575a7c1050901ca90dd43f109899611c303f2828bf2e2cf52681a,2024-11-21T09:08:48.950000 @@ -278266,8 +278269,8 @@ CVE-2025-0967,0,0,728a9126726e0e350a5a8c892697ccdf6812a974486e289872836698a19ef8 CVE-2025-0970,0,0,95e62525aebec3fbba9f5912053c211ecd537e958ef44f7053ff3a4aced6d2dd,2025-02-02T23:15:19.027000 CVE-2025-0971,0,0,c8a3294328317f8d3453b7c51436c171e751d25251685937b4bd407805261ee7,2025-02-03T00:15:27.797000 CVE-2025-0972,0,0,3993ac5cb544f96eddd4ea382f0cae390a0048486c03ea18bb36ab062e41c6ed,2025-02-03T00:15:28.007000 -CVE-2025-0973,1,1,37f661449c5d41bc7d595495ef0c9ea92e0effb9bc1925009def0bc433286647,2025-02-03T01:15:07.263000 -CVE-2025-0974,1,1,8c546eff83dbe5240d979de322859dbce3e0f40803afa459c807306a06c0fe25,2025-02-03T02:15:26.433000 +CVE-2025-0973,0,0,37f661449c5d41bc7d595495ef0c9ea92e0effb9bc1925009def0bc433286647,2025-02-03T01:15:07.263000 +CVE-2025-0974,0,0,8c546eff83dbe5240d979de322859dbce3e0f40803afa459c807306a06c0fe25,2025-02-03T02:15:26.433000 CVE-2025-20014,0,0,c7b03c8de0f1a02652afc1076707a5c9ed340500d3cc7fc3a1a2840db59d647f,2025-01-29T20:15:35.207000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000 @@ -278289,6 +278292,19 @@ CVE-2025-20617,0,0,5e5337fea3f32f18b26cd8ba8dd17d3809fb24229b1710efe951151848f1e CVE-2025-20620,0,0,3537bfd354e2e5606a7442449870297aadd63b5c6f244c03eb513f3f9ee090eb,2025-01-14T10:15:07.860000 CVE-2025-20621,0,0,060306fc4f84916fe909badb69a5829b34e2103b61fada341bb3713a68cfaebc,2025-01-16T19:15:29.960000 CVE-2025-20630,0,0,0cb6d1c0b91807d74fd49faca2a027b3e775f1213907ee8f88e4e58cb3b78a59,2025-01-16T19:15:30.110000 +CVE-2025-20631,1,1,294bee6570826d339680d764b3c71085638d6187a4946618ec2d4a590952b2b4,2025-02-03T04:15:08.060000 +CVE-2025-20632,1,1,61d171a0a133bc1f03431d9d09cd560f8e08d6b5d4d7866487aaf8cb6f7ef835,2025-02-03T04:15:08.177000 +CVE-2025-20633,1,1,6d56a829b7a8869dfc1f912362e005c276eccb732bc80f3ef2180e21d82031e2,2025-02-03T04:15:08.307000 +CVE-2025-20634,1,1,f0e9dd85166e65cd94b2baf76d874f690b6276a6f27cd6dd46452c0176b65005,2025-02-03T04:15:08.423000 +CVE-2025-20635,1,1,a5c9198272a38c2a0da12a8b5b85cca2c82c6b074a7c9dccb1ae9fda0968fb6f,2025-02-03T04:15:08.540000 +CVE-2025-20636,1,1,f5f5bf8ddedda56504662788de1ede735adcbb879aef5f344026f03acb5a02f6,2025-02-03T04:15:08.643000 +CVE-2025-20637,1,1,c6822a9e96d7e55131004e651df23b9a9d6903b1dd081b6f2108f590d17f8929,2025-02-03T04:15:08.747000 +CVE-2025-20638,1,1,f0d693eae65e0fbc22c7f804be28612e21538867f20b337de7d7f457fe70bf81,2025-02-03T04:15:08.863000 +CVE-2025-20639,1,1,ad1c951307707f522e9a51cbe470ba258b098a63524a8cebfded4b083773999b,2025-02-03T04:15:08.980000 +CVE-2025-20640,1,1,3ed09539e8520da0cf8de4cb3f8eb0305375d5bba1e40df569ff1d2f8efcfd38,2025-02-03T04:15:09.093000 +CVE-2025-20641,1,1,1f1dca11e4396155c6c2d85e92a60048fbfbc362057a650d33cbb68d667c0850,2025-02-03T04:15:09.210000 +CVE-2025-20642,1,1,4c81b8f5d6614b9c2cccc3ff419c471c8bb10f0a5269dde48d70240fe84d2196,2025-02-03T04:15:09.333000 +CVE-2025-20643,1,1,d9c2eb3aed18de614f96e3f2b467b2cde5cdf5510e8614fa1e01326da8da55f7,2025-02-03T04:15:09.460000 CVE-2025-21083,0,0,b1f881e778d473a44d11cfcbd38b4988ccf3c0bae1e47d54950fb32a165015e0,2025-01-15T17:15:19.393000 CVE-2025-21088,0,0,2fc6ecd1dae8270574ff01139ed8a42b63c05aa457c258a8d76906ce3a93ca54,2025-01-15T16:15:32.413000 CVE-2025-21101,0,0,54fc3436ce4cfc40d8a2f15abbf941cc22582b7c164f3bb799cb159e69cf76ad,2025-01-15T05:15:09.097000 @@ -279765,3 +279781,5 @@ CVE-2025-24884,0,0,c8f8a9327c2f3a8834bafd81cd529a51e8f5ae8556d58ea7a307819d44153 CVE-2025-24885,0,0,0a632954017de6517b1f4086dc09ffdb61b42a67962d4ef471217a658992e732,2025-01-30T23:15:07.993000 CVE-2025-24886,0,0,22fe46ec70a40a868eba2ce8010e4edb050dca5246d72f260cb907446680300d,2025-01-30T23:15:08.990000 CVE-2025-24891,0,0,07e08674cd8442d8685f561260fcf45fa0fd7fb9d59fcfb97bcd82467bccf06d,2025-01-31T23:15:08.457000 +CVE-2025-25062,1,1,d7cd47140e90c99ff5d70fbea50bb5a39373533859e38c36979aba1d23137e6e,2025-02-03T04:15:09.587000 +CVE-2025-25063,1,1,8c34659c6a257a89c707c83868a8b18d34ee010ab7504a5a7479117985ac792f,2025-02-03T04:15:09.760000