Auto-Update: 2025-01-22T07:00:19.403185+00:00

CVE-2024/CVE-2024-112xx/CVE-2024-11218.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-11218",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2025-01-22T05:15:08.903",
+  "lastModified": "2025-01-22T05:15:08.903",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+          "baseScore": 8.6,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-269"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2024-11218",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326231",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-128xx/CVE-2024-12879.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-12879",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-22T06:15:12.950",
+  "lastModified": "2025-01-22T06:15:12.950",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all versions up to, and including, 13.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create Simple Text Responses to chat queries."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/91427e3e-fedb-407e-8af6-8f4411a4166a?source=cve",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wpbot.pro/",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-206xx/CVE-2025-20617.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-20617",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2025-01-22T06:15:14.170",
+  "lastModified": "2025-01-22T06:15:14.170",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can access the affected product with an administrative account."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN15293958/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.iodata.jp/support/information/2025/01_ud-lt2/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

CVE-2025/CVE-2025-224xx/CVE-2025-22450.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-22450",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2025-01-22T06:15:14.327",
+  "lastModified": "2025-01-22T06:15:14.327",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-1242"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN15293958/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.iodata.jp/support/information/2025/01_ud-lt2/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

CVE-2025/CVE-2025-232xx/CVE-2025-23237.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-23237",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2025-01-22T06:15:14.480",
+  "lastModified": "2025-01-22T06:15:14.480",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If a user logs in to CLI of the affected product, an arbitrary OS command may be executed."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 6.6,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 0.7,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN15293958/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.iodata.jp/support/information/2025/01_ud-lt2/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-01-22T05:00:34.669759+00:00
+2025-01-22T07:00:19.403185+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-01-22T04:15:07.083000+00:00
+2025-01-22T06:15:14.480000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,16 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-278452
+278457
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `5`
 
-- [CVE-2024-13426](CVE-2024/CVE-2024-134xx/CVE-2024-13426.json) (`2025-01-22T03:15:07.370`)
-- [CVE-2024-13584](CVE-2024/CVE-2024-135xx/CVE-2024-13584.json) (`2025-01-22T04:15:06.907`)
-- [CVE-2024-13590](CVE-2024/CVE-2024-135xx/CVE-2024-13590.json) (`2025-01-22T04:15:07.083`)
+- [CVE-2024-11218](CVE-2024/CVE-2024-112xx/CVE-2024-11218.json) (`2025-01-22T05:15:08.903`)
+- [CVE-2024-12879](CVE-2024/CVE-2024-128xx/CVE-2024-12879.json) (`2025-01-22T06:15:12.950`)
+- [CVE-2025-20617](CVE-2025/CVE-2025-206xx/CVE-2025-20617.json) (`2025-01-22T06:15:14.170`)
+- [CVE-2025-22450](CVE-2025/CVE-2025-224xx/CVE-2025-22450.json) (`2025-01-22T06:15:14.327`)
+- [CVE-2025-23237](CVE-2025/CVE-2025-232xx/CVE-2025-23237.json) (`2025-01-22T06:15:14.480`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -244314,6 +244314,7 @@ CVE-2024-11213,0,0,733d387bcd2a89a3baf6e6af87e9925096408112067fd16bf967badff3e2e
 CVE-2024-11214,0,0,8f15fb853ae573991dd8377f3fdb07743acb2a14953115059875124aefd71a4f,2024-11-19T15:38:59.060000
 CVE-2024-11215,0,0,649934bde3315408f935571e43aced9541face2e1cac41750a3378db1c35aaf3,2024-11-15T13:58:08.913000
 CVE-2024-11217,0,0,cb24a1bdb987ee2ebd888113abdd2cecfb9cb2fe9a3dca74044179030beb620c,2024-11-18T17:11:56.587000
+CVE-2024-11218,1,1,661bb1bb499a94a43782169452a6410d4d7bdeb3a8a79402f9cf8376eefb47c8,2025-01-22T05:15:08.903000
 CVE-2024-11219,0,0,e0425cf1f1ca40cc6d95ef04e03e17b5776d09d72a88fcf5abbcb2ac00f59570,2024-11-27T06:15:18.110000
 CVE-2024-1122,0,0,4a647161edb6d6dbac08921722ee9f0f3f3f764af2a44d6cd56ac17a7d3d92e5,2024-11-21T08:49:50.943000
 CVE-2024-11220,0,0,5638e4c56cecb636c7b9e9af730cca60f5085a7f9cf6e6a192a2c97c73abab40,2024-12-06T18:15:22.407000
@@ -245660,6 +245661,7 @@ CVE-2024-12867,0,0,732c7583e9efa2618fe2f4098930414e7eb5e8b8eea2432950087191a298a
 CVE-2024-1287,0,0,86cfcf8ed68830eef8991c1cc47e2012e7e4c97ca8a27598ab8fa2741ba6d8b0,2024-11-21T08:50:14.227000
 CVE-2024-12875,0,0,65f6ca3bff49bc2fd9ea644c89d99467e02d0f3d3859a576808fcf00ae63e813,2024-12-21T12:15:20.910000
 CVE-2024-12877,0,0,a9e389a679e420f1b0a9a06268a68a8b0a86295a1a7eef4bfea3f46105e61e67,2025-01-11T08:15:26.127000
+CVE-2024-12879,1,1,57083a3f6b19f960c5e6f66e3a8040b1e0d47d960959f1d84a67c3110648ff15,2025-01-22T06:15:12.950000
 CVE-2024-1288,0,0,395f2de724425f73212a7bc39e91c09ee4289c7b4882341dd1ed370b6c884fd8,2024-11-21T08:50:14.440000
 CVE-2024-12881,0,0,ca1a79d9bb91f6e4db066c4e6e2534703ac042b68f8ca082fdad0b99821d0028,2024-12-24T10:15:06.240000
 CVE-2024-12883,0,0,0dccbc52a4dfe90cc951e45cce63bd7a8971973694371765a4b4ec10fba99d5e,2025-01-10T21:24:53.957000
@@ -246051,7 +246053,7 @@ CVE-2024-13401,0,0,5efe32d869945c8cf2c8e98762f61d5eb40d85526a7f385be1d59dce88509
 CVE-2024-13404,0,0,b58f4e5da266e40a7294b1c5385e421341df230f5fb30104fb5c9ea0c1e7114b,2025-01-21T10:15:07.823000
 CVE-2024-1341,0,0,090bf84c5ce2b0dfeca3a04f998237d36add49409b51be286587af2f8364beb8,2024-11-21T08:50:22.300000
 CVE-2024-1342,0,0,2f41e6eac1e33a309fc72543d371a67df7cdf22eae12449849cd3aab8e438d93,2024-10-14T22:15:03.180000
-CVE-2024-13426,1,1,ca26adc038606c0d17de30f213ba8a6e9e80443de40a7686c6aa3edda3908eec,2025-01-22T03:15:07.370000
+CVE-2024-13426,0,0,ca26adc038606c0d17de30f213ba8a6e9e80443de40a7686c6aa3edda3908eec,2025-01-22T03:15:07.370000
 CVE-2024-1343,0,0,7c2447499342d3573955d9e9545316db90429adf3b266826e2ed2754189f075e,2024-11-21T08:50:22.433000
 CVE-2024-13432,0,0,7d75f67ac18cf32d5dc44570eb7cf156c877d943529d3637d5b0bb399b86a599,2025-01-18T07:15:08.983000
 CVE-2024-13433,0,0,b744d44080e2e33c41984f231e71d8cc1252181c511f568444c5c86671c3eb05,2025-01-18T07:15:09.160000
@@ -246081,9 +246083,9 @@ CVE-2024-1355,0,0,6172baf85be4d7a27bbb49e6e2c61129e709fa636052c76496ed45a6120298
 CVE-2024-1356,0,0,6cb6186c899ef9742e559deecf7de4862ea2bb78bef5eed0c472ae9df79196b1,2024-11-21T08:50:24.133000
 CVE-2024-1357,0,0,25eaf5b978f8da82b4d3e5ed8aa890834adc21c061c9c9c169613a72fe6996b1,2024-11-21T08:50:24.283000
 CVE-2024-1358,0,0,c4ea31b36cfcd7f75873d740d9e38ca70692f76dad02370c8ddbe488b8025229,2025-01-17T19:52:41.687000
-CVE-2024-13584,1,1,51a2a8790b306bf6f14abd867916b8a12305829a5bd93ce1ee2660a9c0414149,2025-01-22T04:15:06.907000
+CVE-2024-13584,0,0,51a2a8790b306bf6f14abd867916b8a12305829a5bd93ce1ee2660a9c0414149,2025-01-22T04:15:06.907000
 CVE-2024-1359,0,0,8114a50ae134a93430da828655ce595d1020af44415effc85b05f4f190881d3c,2024-11-21T08:50:24.543000
-CVE-2024-13590,1,1,e744f6d4395f4b003bd865fd245dc1ce88f3f6497b82dad9a2ff5ecb2f4434d5,2025-01-22T04:15:07.083000
+CVE-2024-13590,0,0,e744f6d4395f4b003bd865fd245dc1ce88f3f6497b82dad9a2ff5ecb2f4434d5,2025-01-22T04:15:07.083000
 CVE-2024-1360,0,0,a87675d91847a9b72ed5368695c7c67c099276d1667e5e94dc544f268946892c,2024-11-21T08:50:24.707000
 CVE-2024-1361,0,0,8a11a93152fbfa05be2934d541581f2e8e8c1350c348ceb554a6a47ec08e0e2f,2025-01-15T18:39:23.493000
 CVE-2024-1362,0,0,ebe61894e3dd1fecb8d4711188e9d8f7e6a2ff043508a2ee93131b033a0336dd,2025-01-15T18:40:30.490000
@@ -277495,6 +277497,7 @@ CVE-2025-20126,0,0,0fcc9383f8a59c5e0d551ae3c2ee7933f9c74701d79731c282030a0992412
 CVE-2025-20166,0,0,188546bff78f1ed6c60c3dafa709981ac0aa7d116e226da5b14281c3f0f04183,2025-01-08T17:15:16.990000
 CVE-2025-20167,0,0,ea01454738582257d8f0561c538bde2bc3fca79642eac6232d7fa05917ea3b87,2025-01-08T17:15:17.163000
 CVE-2025-20168,0,0,f8a58ad4899086a228f10ada9d537b9205b9094ad2b0c298be3af0260ad230d2,2025-01-08T17:15:17.323000
+CVE-2025-20617,1,1,bfa0a81d5c608982ed2e777c1a51e6c6b6af19a2b00cd034d1118bfd02ffe398,2025-01-22T06:15:14.170000
 CVE-2025-20620,0,0,3537bfd354e2e5606a7442449870297aadd63b5c6f244c03eb513f3f9ee090eb,2025-01-14T10:15:07.860000
 CVE-2025-20621,0,0,6a114b51d7b17c045df262a66b6010baf7d9e3634e11632f91e2ccc96791ec1e,2025-01-16T19:15:29.960000
 CVE-2025-20630,0,0,b69f04020608923d2a464ad06edf2aa9ee933f1eafbc166f5b91bfd601e0dcfb,2025-01-16T19:15:30.110000
@@ -277931,6 +277934,7 @@ CVE-2025-22394,0,0,bd5883db5916f4fb62cd22d509388363d3fe283a637e665acf3a831ed6ef3
 CVE-2025-22395,0,0,ce7db6acd5106ea1fc693f8e6a4248b50542a5f440a82a6c625194d64974a971,2025-01-07T03:15:06.047000
 CVE-2025-22445,0,0,b624e4e02bffb5e86c49cb4f27a7947d07caad44049ae2738e6a5025f36e7b72,2025-01-09T07:15:28.617000
 CVE-2025-22449,0,0,bbe6983ada373fe96f2acc3f2babe8a504c2fad76654b8fe6101ea89ee7b3f6f,2025-01-09T07:15:28.777000
+CVE-2025-22450,1,1,bec0c231f15d89d6a89e728bff19768441055ad7674912604ce1fde8c802695c,2025-01-22T06:15:14.327000
 CVE-2025-22498,0,0,f3f7d57a5c074cef7d66fd0b0c22de1f5c4ac45e596ff524016d32b7cab75963,2025-01-13T14:15:10.787000
 CVE-2025-22499,0,0,2c7469ba06cedcc8f30abf0610d7acbf7462216a8d6077933c22c805fba653a7,2025-01-13T14:15:10.960000
 CVE-2025-22500,0,0,c8f154061d3da5b6a8edbf6756b48a42d68c23a6466a5b364e986467d39302c7,2025-01-07T17:15:33.657000
@@ -278212,6 +278216,7 @@ CVE-2025-23218,0,0,0d9a220919abe3a17ac7afcfc75e9654aeb452859503c7554f342466bfb43
 CVE-2025-23219,0,0,7bfc816a66d36eeb8427d1e438890d0ae6033f069415e0175c799b53ab2c0b1e,2025-01-21T15:15:15.247000
 CVE-2025-23220,0,0,7594bd1f2d5770c36a55b5b9fd690b04bf7606bfe4b3acd2181f9cbade146b08,2025-01-21T15:15:15.430000
 CVE-2025-23221,0,0,b9e220051865326d7bce5e6fa27b18637659ac0f27be03003737cde64e90648d,2025-01-20T17:15:07.987000
+CVE-2025-23237,1,1,d204c5fb01db488a0f6e27659293f1738cb1ba3c0404ed666043b41f571f334e,2025-01-22T06:15:14.480000
 CVE-2025-23366,0,0,3312897ce94f2285a7d2a9ec8c23b065acb503e3b2f9a747e3e7ca809adbfbea,2025-01-14T18:16:06.290000
 CVE-2025-23369,0,0,a33f07fef2f54f1f73f52a7436ab28743a9935849fa82f187ebe5927ae0216a0,2025-01-21T19:15:12.147000
 CVE-2025-23423,0,0,9f2a3a8c7b19b98ddcb037c2f429da3cdced4a5dd5f2091389a187de7a6bb398,2025-01-16T20:15:33.573000