diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2120.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2120.json new file mode 100644 index 00000000000..0896264232b --- /dev/null +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2120.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-2120", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-09T11:15:35.023", + "lastModified": "2025-03-09T11:15:35.023", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 2.1, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.7, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", + "baseScore": 1.7, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + }, + { + "lang": "en", + "value": "CWE-313" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/geo-chen/Thinkware-Dashcam", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.299033", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.299033", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.507327", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2121.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2121.json new file mode 100644 index 00000000000..dde2b3820bb --- /dev/null +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2121.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-2121", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-09T11:15:36.647", + "lastModified": "2025-03-09T11:15:36.647", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The manipulation leads to improper access controls. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.5, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/geo-chen/Thinkware-Dashcam", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.299034", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.299034", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.507328", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 034f0130fe6..4865ce4249d 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-09T11:00:19.372406+00:00 +2025-03-09T13:00:19.269876+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-09T09:15:12.560000+00:00 +2025-03-09T11:15:36.647000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -284568 +284570 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -- [CVE-2025-2118](CVE-2025/CVE-2025-21xx/CVE-2025-2118.json) (`2025-03-09T09:15:11.240`) -- [CVE-2025-2119](CVE-2025/CVE-2025-21xx/CVE-2025-2119.json) (`2025-03-09T09:15:12.560`) +- [CVE-2025-2120](CVE-2025/CVE-2025-21xx/CVE-2025-2120.json) (`2025-03-09T11:15:35.023`) +- [CVE-2025-2121](CVE-2025/CVE-2025-21xx/CVE-2025-2121.json) (`2025-03-09T11:15:36.647`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 04f94a22b46..1e70dc2641e 100644 --- a/_state.csv +++ b/_state.csv @@ -281539,7 +281539,7 @@ CVE-2025-21176,0,0,d03f69dcb3b1e51b711d4c41d6bfccaba1562702f0aaad28329089c8f50b7 CVE-2025-21177,0,0,4f903499a658859fcb10826be90a0ea63b63f075823c3150567dddccfd65ed77,2025-02-11T22:19:45.057000 CVE-2025-21178,0,0,c7959eb5f27aa12e423969f2bfc0eb3fb196cb3a2af9c2f656ceade14ab294a1,2025-01-27T18:42:39.560000 CVE-2025-21179,0,0,56c99027ad0d41d9c697e46ad29c10aa7c65635cadb6d982db31f0458c99ddfa,2025-02-25T16:56:10.590000 -CVE-2025-2118,1,1,1ac16eac1541ef81454bddc60b2e4c9422f4e5c218b8688a4337305f337d463b,2025-03-09T09:15:11.240000 +CVE-2025-2118,0,0,1ac16eac1541ef81454bddc60b2e4c9422f4e5c218b8688a4337305f337d463b,2025-03-09T09:15:11.240000 CVE-2025-21181,0,0,da3a9934c4290b3b670cda21e1ec49e2e6a47888699680facdd72d5c329d6586,2025-03-04T15:15:26.497000 CVE-2025-21182,0,0,cc183a741d3d0b62fc82a334158a2ca4fdae6dba068e1b2b22a750e1789b8393,2025-02-25T16:59:25.820000 CVE-2025-21183,0,0,97c60133d935bc6f85808e271daf514b07d577c1754cf44ed14ffde224dc4835,2025-02-25T17:00:06.170000 @@ -281549,17 +281549,19 @@ CVE-2025-21186,0,0,8a8ba48b87441215f1c43ede85a3e2813061bed74393786f63526fd639d8d CVE-2025-21187,0,0,05994f278acb907e9de51acc1037aa859f6c5afa8dace166ad321c325a389481,2025-02-05T19:14:06.093000 CVE-2025-21188,0,0,b31daea4bb469ad7d6730cf1515cfeaf51d8ab46128508537630adf914f3c6d0,2025-02-28T16:02:50.353000 CVE-2025-21189,0,0,329c5c7b58ec66de4b6d9cd35e4d5fad7c108585bdc451001b100691c802e6da,2025-01-27T18:42:24.057000 -CVE-2025-2119,1,1,11c1e79be3bf50aecb03d6336a71ed783eaf7a99a912f6e661ef31e34a8febe6,2025-03-09T09:15:12.560000 +CVE-2025-2119,0,0,11c1e79be3bf50aecb03d6336a71ed783eaf7a99a912f6e661ef31e34a8febe6,2025-03-09T09:15:12.560000 CVE-2025-21190,0,0,8b2db67cb947998b5b47f9d8f9638f01b53bd9f51551def40a37a7298cc49d1c,2025-02-28T16:02:50.353000 CVE-2025-21193,0,0,f3dd779a9a437e46fb9f30ebcb1d8f684dbb5bb54fbad7b1b2971d455cbeaf6b,2025-01-27T18:42:17.480000 CVE-2025-21194,0,0,4cbf78ebc8712bf991c571b0aba8e62887ba280acbf4ff53a1e72f262be2e98d,2025-02-11T18:15:30.820000 CVE-2025-21198,0,0,409f66843b554eefbda1b14eaef7f0d6b61447a101bf7413282917ca002ecb4d,2025-02-28T16:02:50.353000 +CVE-2025-2120,1,1,b533d65276850c88a6f68043d3c7cc2b8e635bf5331a78cad5aab688dffba10f,2025-03-09T11:15:35.023000 CVE-2025-21200,0,0,ac452cf5d8fd7ee078abc4bf9e8393b61bfd7da4b4c1364b02d5f65241a430a0,2025-02-28T16:02:50.353000 CVE-2025-21201,0,0,33cb4b63d3221b6237489bbb3ee9e268d6b471a2dc92fe795430f2b500e3c69e,2025-02-28T16:02:50.353000 CVE-2025-21202,0,0,ec4260bee4bd33c21d930aa9c88a20abd99a3045b6128e76b4237cf160037447,2025-01-27T18:41:27.647000 CVE-2025-21206,0,0,30db180b922f51f20ac3dc612188bb7e771e65f4b8b0475b70dd344d2e79140d,2025-02-28T16:02:50.353000 CVE-2025-21207,0,0,101f5aedceeec8e95c7aa4d154c4fe35b53d1787f61e5e9c69598a5be6aa3415,2025-01-27T18:41:10.137000 CVE-2025-21208,0,0,d6750a7a531b1a606c0d78d60d369b1fb895e79f9d7f1a5bd19ef4a9dbb91db7,2025-02-28T16:02:50.353000 +CVE-2025-2121,1,1,5f6e6cafc8b053796282a2422f8f4ad4175988241f629294d1d4fcda459a8172,2025-03-09T11:15:36.647000 CVE-2025-21210,0,0,c84a831bc35a18a87ded790fe8b815dc0d44394e8c6c6597dc3d56e3ec20caba,2025-01-27T18:41:01.470000 CVE-2025-21211,0,0,50fa81ea05a4c3005f4b83063356d13451968ba8d4fc749bb0a7fe76cb440e94,2025-01-27T18:40:51.233000 CVE-2025-21212,0,0,c3cf3d27935b08b1f99386820b4127d20504a527c2595f60d30d4416e217289b,2025-02-28T16:02:50.353000