Auto-Update: 2025-01-29T11:00:46.445921+00:00

2025-06-21 17:41:05 +00:00 · 2025-01-29 11:04:13 +00:00 · 2025-01-29 11:04:13 +00:00 · 4705828ad3
commit 4705828ad3
parent 8bb50c406c
5 changed files with 145 additions and 12 deletions
--- a/CVE-2021/CVE-2021-39xx/CVE-2021-3978.json
+++ b/CVE-2021/CVE-2021-39xx/CVE-2021-3978.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2021-3978",
+  "sourceIdentifier": "cna@cloudflare.com",
+  "published": "2025-01-29T10:15:07.750",
+  "lastModified": "2025-01-29T10:15:07.750",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "When copying files with rsync, octorpki uses the \"-a\" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@cloudflare.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 0.8,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@cloudflare.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-269"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85",
+      "source": "cna@cloudflare.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-529xx/CVE-2024-52949.json
+++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52949.json
@ -2,13 +2,13 @@
  "id": "CVE-2024-52949",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-12-16T22:15:06.863",
-  "lastModified": "2024-12-17T18:15:24.767",
+  "lastModified": "2025-01-29T09:15:07.317",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
-      "value": "iptraf-ng 1.2.1 has a stack-based buffer overflow."
+      "value": "iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack."
    },
    {
      "lang": "es",
--- a/CVE-2024/CVE-2024-579xx/CVE-2024-57965.json
+++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57965.json
@ -0,0 +1,75 @@
+{
+  "id": "CVE-2024-57965",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-01-29T09:15:08.183",
+  "lastModified": "2025-01-29T10:15:08.113",
+  "vulnStatus": "Received",
+  "cveTags": [
+    {
+      "sourceIdentifier": "cve@mitre.org",
+      "tags": [
+        "disputed"
+      ]
+    }
+  ],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N",
+          "baseScore": 0.0,
+          "baseSeverity": "NONE",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 0.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@mitre.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-346"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/axios/axios/commit/0a8d6e19da5b9899a2abafaaa06a75ee548597db",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/axios/axios/issues/6351",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/axios/axios/pull/6714",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/axios/axios/releases/tag/v1.7.8",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-01-29T09:00:44.427663+00:00
+2025-01-29T11:00:46.445921+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-01-29T08:15:19.933000+00:00
+2025-01-29T10:15:08.113000+00:00
 ```

 ### Last Data Feed Release
@ -33,22 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-279360
+279362
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `2`

- [CVE-2024-13696](CVE-2024/CVE-2024-136xx/CVE-2024-13696.json) (`2025-01-29T08:15:19.677`)
- [CVE-2024-7695](CVE-2024/CVE-2024-76xx/CVE-2024-7695.json) (`2025-01-29T08:15:19.933`)
+- [CVE-2021-3978](CVE-2021/CVE-2021-39xx/CVE-2021-3978.json) (`2025-01-29T10:15:07.750`)
+- [CVE-2024-57965](CVE-2024/CVE-2024-579xx/CVE-2024-57965.json) (`2025-01-29T09:15:08.183`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `1`

- [CVE-2024-12085](CVE-2024/CVE-2024-120xx/CVE-2024-12085.json) (`2025-01-29T08:15:19.247`)
+- [CVE-2024-52949](CVE-2024/CVE-2024-529xx/CVE-2024-52949.json) (`2025-01-29T09:15:07.317`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -182030,6 +182030,7 @@ CVE-2021-39776,0,0,0f7d408f4458357e33d60d7b5843d10cc1e99563ffe63a5714ba14be04c76
 CVE-2021-39777,0,0,11f331304199bbb38d3d1f2c66b10bc631229e3b690128f5152192205a8f66fd,2024-11-21T06:20:12.787000
 CVE-2021-39778,0,0,976040d91dc49be5c849968ae2d447c2872a7420071abe94f4734a6bfadaebda,2024-11-21T06:20:12.920000
 CVE-2021-39779,0,0,0a32499bdc5ec4ce15fa20a78add17eb7f96fe3c2eb66f953442ffe021587718,2024-11-21T06:20:13.043000
+CVE-2021-3978,1,1,30bff79abcfa542c28638af104d717ae22b87cb29b903a6bd61830f8475be0b1,2025-01-29T10:15:07.750000
 CVE-2021-39780,0,0,32d6f561ec75bcd7794c7672695dec2c00497152bf9aca361f8b40badf94374d,2024-11-21T06:20:13.167000
 CVE-2021-39781,0,0,e79f3e0d4793a38e2d29be6ec1f517f7c395e725320f0ca62823364ad3d3387c,2024-11-21T06:20:13.290000
 CVE-2021-39782,0,0,a4e6bf08dd132848a9ca4116eb1863b89b04db892b013b30989c110c65bb8c90,2024-11-21T06:20:13.420000
@ -245179,7 +245180,7 @@ CVE-2024-1208,0,0,3c4b0e7895c1837530e812c9d592f58958b18ef870d236a49969dfb3f5e669
 CVE-2024-12082,0,0,d67c450c190c0364d4b144dcd382bc569f8e4f4f12ff2a960005828e083c85c7,2024-12-11T17:12:56.793000
 CVE-2024-12083,0,0,d43543ed1a2c4c8cfbaff70b85f71ffc7dc15514475ec8e8bc46a80ffd753fb3,2025-01-14T01:15:09.267000
 CVE-2024-12084,0,0,85dd725fc2f0b24c79e999378b1f0199fad5fe5d164b31609c57a84bcb434c0d,2025-01-15T15:15:10.537000
-CVE-2024-12085,0,1,213a2fdbe8cea793aa5c5b1fc44d03bef42e730164368fae39f280c0d2967618,2025-01-29T08:15:19.247000
+CVE-2024-12085,0,0,213a2fdbe8cea793aa5c5b1fc44d03bef42e730164368fae39f280c0d2967618,2025-01-29T08:15:19.247000
 CVE-2024-12086,0,0,e5130c03152639985c3e2f822b45f241716bd573825b1ce309364a23fc10467b,2025-01-14T22:15:26.370000
 CVE-2024-12087,0,0,083db16c2a7b9baa1b397fd2cd269bff2aa8f7c2646d1851d134f1f8a052e34a,2025-01-14T22:15:26.503000
 CVE-2024-12088,0,0,789608af69629f4130f54998ea59694fde701c19a329a9d8093e26a51277e55d,2025-01-14T22:15:26.600000
@ -246270,7 +246271,7 @@ CVE-2024-1368,0,0,e78cd290aff3eda879ea71814281e9fb9dbaef60630fac7d18ff14dae3d223
 CVE-2024-13680,0,0,f3164c1a021ffb39e27590d49b20eab131951c6817a6dc8655e0dfc9f53950e4,2025-01-24T07:15:06.930000
 CVE-2024-13683,0,0,afca8ca5733f1981ab92ff6f92163a36f62ba84bc4cae91c9eb4b4db6612f745,2025-01-24T07:15:08.523000
 CVE-2024-1369,0,0,6f4848b431d59906fc570cd21627f350db35226c120e93c5a8a911f55c4de4fa,2024-11-21T08:50:25.857000
-CVE-2024-13696,1,1,1705bcf2f6a6958e20414c0c17b533dd95f6dfcba36bb76e0b9f7d75e553f199,2025-01-29T08:15:19.677000
+CVE-2024-13696,0,0,1705bcf2f6a6958e20414c0c17b533dd95f6dfcba36bb76e0b9f7d75e553f199,2025-01-29T08:15:19.677000
 CVE-2024-13698,0,0,dc17e4312525981bb14f68ea913383417af07334780551d0e9684f2f5489da45,2025-01-24T16:15:34.597000
 CVE-2024-1370,0,0,9f0498253935aff35f1be521427ae96ebc633e827d9cc62afad8ecd6626aa44f,2024-11-21T08:50:26.027000
 CVE-2024-13709,0,0,7d11e0e002d231ab97d4c4838853b33e61be12c236e56c435ef75a396b4f88ea,2025-01-25T04:15:07.670000
@ -271421,7 +271422,7 @@ CVE-2024-52944,0,0,13f4728598a9169659ecc5ab8bdcbf29b2aee05592382aeebb2b7ebc79d90
 CVE-2024-52945,0,0,2be5483c630004e32670c1bf2df159c2fc165530e70f2dd74d5a6bc11ca631e4,2024-11-19T16:35:20.020000
 CVE-2024-52946,0,0,4f1dfe8b6d1ba4959015bfa97e83493e2bb850117484cc15efcaa811c3e03c50,2024-11-21T18:15:13.120000
 CVE-2024-52947,0,0,2aee58f94b954efaf5164df4a8e601015dc1edc796a589e4848762e3088ebedd,2024-11-18T18:35:09.517000
-CVE-2024-52949,0,0,de5f921375e48fe40c24c84e978654728df84f278833848f0ea52ff577d0b916,2024-12-17T18:15:24.767000
+CVE-2024-52949,0,1,696d0f2d9f6f32b8f638cc01e3ed01b74797e84c628afddbb0ec84c427c07fde,2025-01-29T09:15:07.317000
 CVE-2024-5295,0,0,2396dadecb35968608e7faeb909b9c67144b6a2007cc474b7ce69341811bcf77,2024-11-21T09:47:22.707000
 CVE-2024-52951,0,0,88467df47cc32548afc6312c57f27d2a7d0655e1c934e59eb5eeea7c6be506ce,2024-11-27T21:15:07.997000
 CVE-2024-52958,0,0,965d541bdaa048d08984be57ec6ff291abae1c702954dddd32ec7b0108549df9,2024-11-27T06:15:18.590000
@ -274051,6 +274052,7 @@ CVE-2024-57946,0,0,7694bfd6f4bfcb27622fd33f724eed0c14a58bd72141bedb13eda08e23a02
 CVE-2024-57947,0,0,0f394f81965ff60be8ebf8ad0ab0612e0d5ea1bd9618d127584b4c77570cc2fc,2025-01-23T14:15:25.293000
 CVE-2024-5795,0,0,8c27870eb8f46b4876cdd6a9335698b3a6adeccd1af066b5f5391281ef70b349,2024-11-21T09:48:20.780000
 CVE-2024-5796,0,0,10c3848976491ca5eeb295d89b1679f80388276c56109509ef1777f493022afe,2024-11-21T09:48:20.910000
+CVE-2024-57965,1,1,d78dea09938cb8948799ad2306c3ac0ba007fa5ca7bad3555c987aecde2fbb19,2025-01-29T10:15:08.113000
 CVE-2024-5798,0,0,1cf6b5fddcb53bc6e432a6a3428f56651407d96c3d029c184944ae69fb8dd23b,2024-11-21T09:48:21.013000
 CVE-2024-5799,0,0,23def4a6c23961b05e747f80024dd1bb17c6a1bb6930d36587790a1981c0653f,2024-09-26T20:39:09.127000
 CVE-2024-5800,0,0,0f1ba4e6921bceda8aa9f69d4954ff1ca271a0069f260f484c22f7b777658fee,2024-08-12T13:41:36.517000
@ -275750,7 +275752,7 @@ CVE-2024-7691,0,0,6dad0c769fb572b88a068528267f61949164dc392b80af6f168258a6b2c7f6
 CVE-2024-7692,0,0,4b38ff30e017e91d8a002928077306fde8ee04d0be5e9045460020d6ccc3af22,2024-10-04T17:14:50.990000
 CVE-2024-7693,0,0,dd3e43863a4776bf6aa9cee54c3310fd08dfe98f5bd8663ebc12432cb7153f16,2024-09-06T16:51:35.647000
 CVE-2024-7694,0,0,3a2582a984429d8c89c3dd71bc863aef01ff80b7baff4f3e3f71f54998d90a46,2024-09-06T17:24:42.573000
-CVE-2024-7695,1,1,9dd5f87b950b58727d2e2a28297a0af3ae776c663d9f14eb97db04400ecfdd7b,2025-01-29T08:15:19.933000
+CVE-2024-7695,0,0,9dd5f87b950b58727d2e2a28297a0af3ae776c663d9f14eb97db04400ecfdd7b,2025-01-29T08:15:19.933000
 CVE-2024-7696,0,0,f0052f9d5e178b3ea159f04ebcfd4751f930fb606630e5cab2ff7b8b63a94d0f,2025-01-07T06:15:17.827000
 CVE-2024-7697,0,0,122b8f72aeda3c5b2d61460f1dce24bd382a6f877b1c3f9efb3e322459b58ee0,2024-09-06T18:04:28.030000
 CVE-2024-7698,0,0,28382cbcfd0fa7ea6a7d15c9ccdd01abba2e948df9ed5ab95948fe232327814d,2024-09-27T19:39:43.350000