From 4a666a46a43e195847999532342ae89093547a6a Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 19 Jan 2025 07:03:44 +0000
Subject: [PATCH] Auto-Update: 2025-01-19T07:00:19.744187+00:00
---
CVE-2024/CVE-2024-87xx/CVE-2024-8722.json | 60 +++++++++
CVE-2025/CVE-2025-05xx/CVE-2025-0565.json | 141 ++++++++++++++++++++++
README.md | 20 ++-
_state.csv | 18 +--
4 files changed, 218 insertions(+), 21 deletions(-)
create mode 100644 CVE-2024/CVE-2024-87xx/CVE-2024-8722.json
create mode 100644 CVE-2025/CVE-2025-05xx/CVE-2025-0565.json
diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8722.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8722.json
new file mode 100644
index 00000000000..fd45849cbdf
--- /dev/null
+++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8722.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-8722",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-01-19T05:15:07.987",
+ "lastModified": "2025-01-19T05:15:07.987",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dbc6ad3f-698e-4dfd-bbba-086f94831bba?source=cve",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wpallimport.com/downloads/wp-all-import-annual/?changelog=1",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0565.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0565.json
new file mode 100644
index 00000000000..db191bf2e29
--- /dev/null
+++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0565.json
@@ -0,0 +1,141 @@
+{
+ "id": "CVE-2025-0565",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-01-19T06:15:06.820",
+ "lastModified": "2025-01-19T06:15:06.820",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "LOW",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "LOW",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "baseScore": 7.5,
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 10.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/En0t5/vul/blob/main/zzcms/zzcsm-sql-inject.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.292526",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.292526",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url":
"https://vuldb.com/?submit.484333", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c9ef31caeb3..79c67dee306 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-19T05:00:19.365011+00:00 +2025-01-19T07:00:19.744187+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-19T04:15:07.090000+00:00 +2025-01-19T06:15:06.820000+00:00 ``` ### Last Data Feed Release @@ -33,27 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -278065 +278067 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `2` -- [CVE-2024-45652](CVE-2024/CVE-2024-456xx/CVE-2024-45652.json) (`2025-01-19T03:15:06.647`) -- [CVE-2024-45653](CVE-2024/CVE-2024-456xx/CVE-2024-45653.json) (`2025-01-19T03:15:07.643`) -- [CVE-2024-45654](CVE-2024/CVE-2024-456xx/CVE-2024-45654.json) (`2025-01-19T03:15:07.787`) -- [CVE-2025-0564](CVE-2025/CVE-2025-05xx/CVE-2025-0564.json) (`2025-01-19T04:15:07.090`) +- [CVE-2024-8722](CVE-2024/CVE-2024-87xx/CVE-2024-8722.json) (`2025-01-19T05:15:07.987`) +- [CVE-2025-0565](CVE-2025/CVE-2025-05xx/CVE-2025-0565.json) (`2025-01-19T06:15:06.820`) ### CVEs modified in the last Commit -Recently modified CVEs: `4` +Recently modified CVEs: `0` -- [CVE-2024-0917](CVE-2024/CVE-2024-09xx/CVE-2024-0917.json) (`2025-01-19T03:31:43.843`) -- [CVE-2024-27317](CVE-2024/CVE-2024-273xx/CVE-2024-27317.json) (`2025-01-19T03:23:26.087`) -- [CVE-2024-27894](CVE-2024/CVE-2024-278xx/CVE-2024-27894.json) (`2025-01-19T03:09:08.147`) -- [CVE-2024-28098](CVE-2024/CVE-2024-280xx/CVE-2024-28098.json) (`2025-01-19T03:01:40.317`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 7ae9b8269e3..b8c203912a3 100644 --- a/_state.csv +++ b/_state.csv 
@@ -243188,7 +243188,7 @@ CVE-2024-0912,0,0,4f57efee87c78987c06f7ceab5e4000e0b2d703a66876a27e9fce78c8c5318 CVE-2024-0913,0,0,fdd184df3fb1e6ddd459b097472fe6fe272697f536f754bc3e7f7dbf4d3d090e,2024-11-21T08:47:42.730000 CVE-2024-0914,0,0,961b54ff0e9b9f81aa56dcd6cdc24b37952c07f3f53f7085b217ebd09ddf718f,2024-11-21T08:47:42.910000 CVE-2024-0916,0,0,5a8012d33f7bb36c9ef1c1bccdc08620475d280f7448052ee484e84c13496a01,2024-11-21T08:47:43.277000 -CVE-2024-0917,0,1,8ca5d131b4caf0ae73728e0f2737e604dfa40817adb5658d847b612acaa77af7,2025-01-19T03:31:43.843000 +CVE-2024-0917,0,0,8ca5d131b4caf0ae73728e0f2737e604dfa40817adb5658d847b612acaa77af7,2025-01-19T03:31:43.843000 CVE-2024-0918,0,0,adaf982dd698ba71a56fe214b4de6d539fe4a4f06abbbc782136a1eef6b53163,2024-11-21T08:47:44.287000 CVE-2024-0919,0,0,4faa3b3ee004f50a348eb233a0869d4eacefe6f2d379b6009e4cef456d250b55,2024-11-21T08:47:44.490000 CVE-2024-0920,0,0,ee99d8cd581c7af2f038b9e503ecab2633ed9070146163eae7948ec0f0b17f5d,2024-11-21T08:47:44.707000 @@ -252422,7 +252422,7 @@ CVE-2024-27313,0,0,35d4fc5dcf7fd82874d8066658bb141d6133e1d7a3505f1ab33a062d02328 CVE-2024-27314,0,0,c7800ff43b3dde4e64855ff4c8e9e09054f2d9523de2c8225fcf94e9bdda5465,2024-11-21T09:04:18.717000 CVE-2024-27315,0,0,d76b0fcdba6f7b4b207cb9b903ce70dcff45e546dcd16fd74a8323c6a63e3929,2024-12-31T16:16:15.510000 CVE-2024-27316,0,0,24fdf0f9b0ad852f5d9fcb01da998781549ca6c0b793197d9e2355018b079f16,2024-11-21T09:04:18.993000 -CVE-2024-27317,0,1,76b2a59ff51f548a5b920f9a9e5de4c3dbbbe200760563bdad4794a3fa9cb613,2025-01-19T03:23:26.087000 +CVE-2024-27317,0,0,76b2a59ff51f548a5b920f9a9e5de4c3dbbbe200760563bdad4794a3fa9cb613,2025-01-19T03:23:26.087000 CVE-2024-27318,0,0,a39bb4bb6ceefb9dab21937c537b420423d8cb9a6ce6d647023eb496b3d6b5b8,2024-11-21T09:04:19.373000 CVE-2024-27319,0,0,ba43b558a916cdc8ea2ffc9143a26e8f5c9b0fd690315b9a58ed0750f77418cb,2024-11-21T09:04:19.507000 CVE-2024-2732,0,0,c53ca86f62810bb8d7151754be48472811994b863d082d4f89a0e05dc2c7c2e4,2024-11-21T09:10:23.810000 
@@ -252829,7 +252829,7 @@ CVE-2024-27887,0,0,27c7d91a187938663d4a01d4c87033037d24e5ace0c9df0921f49ee73def6 CVE-2024-27888,0,0,cd0431e20853cd52fac0840f748f121c2c1ffdab2233c1cee21b2fe50a5a00fd,2024-12-10T14:51:04.667000 CVE-2024-27889,0,0,9baa87884a3e66fc5756c9ced2a8ef947001f8941593056f52c6dadb55724bf9,2024-11-21T09:05:21.780000 CVE-2024-2789,0,0,b1690b1b83fedf5140ce93f0eda4241364d6c80c52f2ee1616fa1c36870eb1b9,2025-01-07T18:14:48.107000 -CVE-2024-27894,0,1,ccad49273a629a1c78e24163856afe63701367571263de1e6484edc4071a1784,2025-01-19T03:09:08.147000 +CVE-2024-27894,0,0,ccad49273a629a1c78e24163856afe63701367571263de1e6484edc4071a1784,2025-01-19T03:09:08.147000 CVE-2024-27895,0,0,d55175960df25787806e528bf2b5b0b690105cc86f51c145001c192d4b0382fc,2024-12-09T17:59:55 CVE-2024-27896,0,0,cefb57e4fd2360f9ca76121f5d55c0879f2b9778073436f6d450ff9f01865a42,2024-11-29T15:15:16.833000 CVE-2024-27897,0,0,e0fd628e199d1ad9f7d1973d04b30e3b226e987f2d07bcbb58339313ac383abd,2024-11-21T09:05:22.297000 @@ -253025,7 +253025,7 @@ CVE-2024-28094,0,0,e65989a468ce7112ff14a5b6de487cd35f7abbd47747bf6c735d7568c9d9e CVE-2024-28095,0,0,1f7d8fe8a6c56dc8dd69a3e4a3303f7c94c39f3ce605ea90cdf64f6129ed7de5,2024-11-21T09:05:48.183000 CVE-2024-28096,0,0,a0a1b2d48a132a8f67f7924055e0d93805996700281fe9467707cabf2e784f75,2024-11-21T09:05:48.310000 CVE-2024-28097,0,0,d328615318f60f00491ec7904bbd032058d8e0158a6c16297acf359751fa44f7,2024-11-21T09:05:48.423000 -CVE-2024-28098,0,1,9d40261cec447217dcbe8b865b335c2de4beaae87e7806bacec890457d4d35ff,2025-01-19T03:01:40.317000 +CVE-2024-28098,0,0,9d40261cec447217dcbe8b865b335c2de4beaae87e7806bacec890457d4d35ff,2025-01-19T03:01:40.317000 CVE-2024-28099,0,0,67074bfe8335b5e423677837dbafff99c4030ec6685c157c0f1ee9942960739f,2024-11-21T09:05:48.693000 CVE-2024-2810,0,0,f152fec8b4da4dd39d7c0040313b2d0236f2aef6a1dcaa287e4d60d1c0e11e68,2024-11-21T09:10:34.653000 CVE-2024-28100,0,0,980f955c88bfadf6275346988b59f10331a2302846e8287402fe5dd637f02c57,2024-09-16T17:28:07.347000 
@@ -266090,9 +266090,9 @@ CVE-2024-4564,0,0,ee8f47044242c05a630f54d8d399a7051500b8cbd4c8fa39ec50216846d2f2 CVE-2024-45640,0,0,923abe7b70ac2297df80331720303a7ee55474d7dd4031afdf0c5f6c2b1c1e0c,2025-01-07T13:15:07.690000 CVE-2024-45642,0,0,cfb188922d2de3d0a2e624109932e190c43782f5c9c1e7fb30a5b975a8a432ea,2024-11-16T00:13:06.017000 CVE-2024-4565,0,0,7eafc37f7621bbcecc9df42111f1503d84607d3815c6d13bfc741bedf44b3a75,2024-11-21T09:43:07.187000 -CVE-2024-45652,1,1,a98f15ba10f48b9466efc3cc28e1ea6be4d5f5099bd07edd096dedcf90fa67a9,2025-01-19T03:15:06.647000 -CVE-2024-45653,1,1,23b213d8e708f895a3ae7904da1ec3db7ec809653880d7fcc6b0dd567508f27b,2025-01-19T03:15:07.643000 -CVE-2024-45654,1,1,e14d5f51432546412222a0594e7c9107c0a213bcd4e300ea857cb39c15b83600,2025-01-19T03:15:07.787000 +CVE-2024-45652,0,0,a98f15ba10f48b9466efc3cc28e1ea6be4d5f5099bd07edd096dedcf90fa67a9,2025-01-19T03:15:06.647000 +CVE-2024-45653,0,0,23b213d8e708f895a3ae7904da1ec3db7ec809653880d7fcc6b0dd567508f27b,2025-01-19T03:15:07.643000 +CVE-2024-45654,0,0,e14d5f51432546412222a0594e7c9107c0a213bcd4e300ea857cb39c15b83600,2025-01-19T03:15:07.787000 CVE-2024-45656,0,0,bd9c2ffe8b9cbe4ee804430325ca28b90db5a453ccc34b145371cf00c3254208,2024-10-29T14:34:04.427000 CVE-2024-4566,0,0,67793534ad65df3a22647f8471d680f58a33cea10b3409d6ba3f0ab52674e69f,2024-11-21T09:43:07.400000 CVE-2024-45662,0,0,2a9f7cf44074655374154bd6d7ae34aabeef47c4d3ebcb5e1ff57e4b2ae36ab3,2025-01-18T17:15:07.343000 
@@ -276028,6 +276028,7 @@ CVE-2024-8718,0,0,08f9f7324fe1750583259b3c93648593ad90bf879a6e322b24780fec64fd46 CVE-2024-8719,0,0,f09775703ce33efd1a382062d7fd99b2a3df4a10d5639e789be4bdf90386ec17,2024-10-18T12:53:04.627000 CVE-2024-8720,0,0,a92271303c4f165ef6918751e334ec6c2a5d2eedb6ef1b6e7529ea9a9bccddee,2024-10-04T13:51:25.567000 CVE-2024-8721,0,0,b55737cb0e83f3810876edbd5f2c3fe227126cdd659227e4dbd42dea98b92ee8,2024-12-24T10:15:06.803000 +CVE-2024-8722,1,1,797d6b7fa82068b880881b15e8ef201f4d1a15ebdce9f4386bc0b1744a17d6af,2025-01-19T05:15:07.987000 CVE-2024-8723,0,0,83a844d582685fdefc602bc8b434e71b492fde6813a7ae6c416922e3445759df,2024-10-02T17:00:23.603000 CVE-2024-8724,0,0,79eb3fc36e2ade01b1d81ee061bd0ccc9d41db170377c76707443e9b9b4c1829,2024-09-27T15:56:00.073000 CVE-2024-8725,0,0,46dd31707149bc30a113fe6e731b5768bd17b167e63d858b2e790e78d82762b2,2024-10-01T14:16:42.727000 @@ -277283,7 +277284,8 @@ CVE-2025-0560,0,0,a8dad0e6326d118750e8c8a516030a35fe209a3585b22295c165d1200aa061 CVE-2025-0561,0,0,fd9b012ebdaece6d373c25b915aa1ce00990c69daaaaf36bf7683a0e1e96a65c,2025-01-19T00:15:25.077000 CVE-2025-0562,0,0,c526f2bbf0ee53dbd7b87b3a977b73812d0b8c8e2d0a2cc04f356d0f5568981e,2025-01-19T02:15:24.380000 CVE-2025-0563,0,0,c8aedbc0ad6c989f8bd21315356fde60bbf39135f127f9d691ff6d583ecc9784,2025-01-19T02:15:24.560000 -CVE-2025-0564,1,1,83206ab7d4a6b165cdb38999cbacf04d2d848dbd063370cc5da16a0083e91bfd,2025-01-19T04:15:07.090000 +CVE-2025-0564,0,0,83206ab7d4a6b165cdb38999cbacf04d2d848dbd063370cc5da16a0083e91bfd,2025-01-19T04:15:07.090000 +CVE-2025-0565,1,1,9e441f2e362b4078450931d0ef12dd08184a10cee05c1fd1b5de39e0c8230d42,2025-01-19T06:15:06.820000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000 CVE-2025-20036,0,0,a1d7639f0e568c5953a2962f5a2be630b5737d729f8c4f565a3eec7e4bf19549,2025-01-15T17:15:18.950000