Auto-Update: 2025-01-03T11:00:19.516559+00:00

cad-safe-bot 2025-01-03 11:03:41 +00:00
parent 820c498908
commit 221820d222
5 changed files with 272 additions and 7 deletions


@ -0,0 +1,60 @@
{
"id": "CVE-2024-12132",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-03T09:15:05.983",
"lastModified": "2025-01-03T09:15:05.983",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create jobs for companies that are unaffiliated with the attacker."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3210251/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d19ac6fc-029f-4f19-913e-e082acecc594?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,100 @@
{
"id": "CVE-2024-9138",
"sourceIdentifier": "psirt@moxa.com",
"published": "2025-01-03T09:15:06.370",
"lastModified": "2025-01-03T09:15:06.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Moxa\u2019s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-656"
}
]
}
],
"references": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo",
"source": "psirt@moxa.com"
}
]
}
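Review bot: The `weaknesses` entry in this record is `CWE-656` (Reliance on Security Through Obscurity), while the `descriptions` text attributes the flaw to hard-coded credentials, which is normally classified as CWE-798. Tooling that filters or groups records by CWE alone will not surface this entry under the hard-coded-credential class, so triage should also read the description. The single reference URL is cut off at `...and-netwo`, here and in the CVE-2024-9140 record, and probably does not resolve as written; the advisory can be located by the `mpsa-241155` identifier in the path. Both values come from the source `psirt@moxa.com` with `vulnStatus` set to `Received`, which suggests the record has not yet been analysed by NVD and may still change.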


@ -0,0 +1,100 @@
{
"id": "CVE-2024-9140",
"sourceIdentifier": "psirt@moxa.com",
"published": "2025-01-03T09:15:06.570",
"lastModified": "2025-01-03T09:15:06.570",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Moxa\u2019s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system\u2019s security and functionality."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo",
"source": "psirt@moxa.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-01-03T09:00:21.791312+00:00
2025-01-03T11:00:19.516559+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-01-03T07:15:25.297000+00:00
2025-01-03T09:15:06.570000+00:00
```
### Last Data Feed Release
@ -33,20 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
275641
275644
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `3`
- [CVE-2024-12132](CVE-2024/CVE-2024-121xx/CVE-2024-12132.json) (`2025-01-03T09:15:05.983`)
- [CVE-2024-9138](CVE-2024/CVE-2024-91xx/CVE-2024-9138.json) (`2025-01-03T09:15:06.370`)
- [CVE-2024-9140](CVE-2024/CVE-2024-91xx/CVE-2024-9140.json) (`2025-01-03T09:15:06.570`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `0`
- [CVE-2025-22275](CVE-2025/CVE-2025-222xx/CVE-2025-22275.json) (`2025-01-03T07:15:25.297`)
## Download and Usage


@ -244878,6 +244878,7 @@ CVE-2024-12127,0,0,5a71954d556e5e4eca59c6ef18b25e4cca9d5062e24f45d25c54cd9cd4087
CVE-2024-12128,0,0,c4db33033b659bed09aac37afde730f735bf98fa121412b3aa3432fe49f39a39,2024-12-07T10:15:05.843000
CVE-2024-1213,0,0,71ef51029e532fbd05d5ffce04ca88ce9c1183a8c328c139d7f9dd3d163c9edb,2024-11-21T08:50:03.180000
CVE-2024-12130,0,0,05811205e7cf6b9d5db685121cc1c0a1d80fffaab6e459b31891b300ff7dfa2c,2024-12-17T15:52:01.670000
CVE-2024-12132,1,1,2f82de921beecdb730d20219850cef8df0c2a4f1435a3bc1f3dff3197ed85e1f,2025-01-03T09:15:05.983000
CVE-2024-12138,0,0,8d975d6d21268c978bf38e4ecd10070b486d972f9cb2bde16883c51e239ae6fa,2024-12-04T14:15:19.413000
CVE-2024-1214,0,0,006edfeb44add0513d6df0049d407da5a783feee7b6e41af090a449d9f26b334,2024-11-21T08:50:03.383000
CVE-2024-12147,0,0,0ebd2d9e73219a39fb6777c8b0dc3255058db7114ec6ee0c20c337fec7f9520f,2024-12-04T18:15:11.803000
@ -274940,7 +274941,9 @@ CVE-2024-9129,0,0,3d76a24f7b2544eaf6e94567427057284c66389ed87bd9b0c2b23ac15941c4
CVE-2024-9130,0,0,7a17b6638601749177c95ede13421fc94f6381d99406730dd48ab1718340effd,2024-10-04T17:18:59.130000
CVE-2024-9136,0,0,440b3409a14907c29d57b03ac063b5d398f0722a11dac00ea875af9fd1c6005e,2024-10-01T14:28:31.027000
CVE-2024-9137,0,0,3a0147bbe99aea69e81722648bcded9de00b7e0fc2ebcfdef9b4011ad52b2134,2024-10-15T12:57:46.880000
CVE-2024-9138,1,1,0e6624374e7fcb90648722c43ad5352fd0faac0b5828525d76dbf1c137d04312,2025-01-03T09:15:06.370000
CVE-2024-9139,0,0,83938595f8962bac6f6fc335d42f9f22b2d606998dfde57a86094aba45150b17,2024-10-15T12:57:46.880000
CVE-2024-9140,1,1,5b1aea0303481b803ee0b17f9f37800c25262ec67f9aae4987b54371a5a05328,2025-01-03T09:15:06.570000
CVE-2024-9141,0,0,060137f2cb6f395e62eee7864b2b5ed5a05f9b96b4e88197f845c23c0d951e4d,2024-09-26T13:32:02.803000
CVE-2024-9142,0,0,cf4b574717a29b6aae11252da48029ab42606b85f386a37eaad918bf33a1c774,2024-10-14T16:35:01.033000
CVE-2024-9143,0,0,c8571041d8ddf4db9b47c66b9224811295d6e9052b601ad46a00bf72623dd41d,2024-11-21T09:54:04.817000
@ -275639,4 +275642,4 @@ CVE-2025-0174,0,0,9d66653b35dce22a5e13bcd4d218f8b859e23f7e6e6c85f7fc84bbc507e489
CVE-2025-0175,0,0,ac95c9697b04739d886090fb337a8da173389b48ecd5972d04d24955935380d8,2025-01-03T02:15:07.680000
CVE-2025-0176,0,0,2a22ffa81ac729c3387660dd6a8fe5bfa9ef0ae8a6a4a9c7a653c15c3464b03c,2025-01-03T02:15:07.870000
CVE-2025-22214,0,0,e2cc6e4f91ccc0784ce6c5e7f203a7b7ecf1116a49ea9d5798e3ff93276eaeec,2025-01-02T04:15:06.277000
CVE-2025-22275,0,1,ae7bb36b063c3378386b214c3e5016593366cb52d21141261157b091c3ceba6a,2025-01-03T07:15:25.297000
CVE-2025-22275,0,0,ae7bb36b063c3378386b214c3e5016593366cb52d21141261157b091c3ceba6a,2025-01-03T07:15:25.297000
