Auto-Update: 2025-01-20T15:00:43.583255+00:00

2025-05-08 19:47:09 +00:00 · 2025-01-20 15:04:09 +00:00 · 2025-01-20 15:04:09 +00:00 · 5f402a9488
commit 5f402a9488
parent b1609dfbda
6 changed files with 176 additions and 9 deletions
--- a/CVE-2024/CVE-2024-131xx/CVE-2024-13176.json
+++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13176.json
@ -0,0 +1,61 @@
+{
+  "id": "CVE-2024-13176",
+  "sourceIdentifier": "openssl-security@openssl.org",
+  "published": "2025-01-20T14:15:26.247",
+  "lastModified": "2025-01-20T14:15:26.247",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "openssl-security@openssl.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-385"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
+      "source": "openssl-security@openssl.org"
+    },
+    {
+      "url": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
+      "source": "openssl-security@openssl.org"
+    },
+    {
+      "url": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
+      "source": "openssl-security@openssl.org"
+    },
+    {
+      "url": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
+      "source": "openssl-security@openssl.org"
+    },
+    {
+      "url": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
+      "source": "openssl-security@openssl.org"
+    },
+    {
+      "url": "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded",
+      "source": "openssl-security@openssl.org"
+    },
+    {
+      "url": "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86",
+      "source": "openssl-security@openssl.org"
+    },
+    {
+      "url": "https://openssl-library.org/news/secadv/20250120.txt",
+      "source": "openssl-security@openssl.org"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-04xx/CVE-2025-0479.json
+++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0479.json
@ -9,6 +9,10 @@
    {
      "lang": "en",
      "value": "This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. A remote attacker could exploit this vulnerability by intercepting data transmissions during an HTTP session on the vulnerable system.\n \nSuccessful exploitation of this vulnerability could allow the attacker to obtain sensitive information and compromise the targeted system."
+    },
+    {
+      "lang": "es",
+      "value": "Esta vulnerabilidad existe en el enrutador CP Plus debido al manejo inseguro de los indicadores de cookies utilizados dentro de su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad interceptando transmisiones de datos durante una sesi\u00f3n HTTP en el sistema vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante obtener informaci\u00f3n confidencial y comprometer el sistema objetivo."
    }
  ],
  "metrics": {
--- a/CVE-2025/CVE-2025-216xx/CVE-2025-21655.json
+++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21655.json
@ -0,0 +1,33 @@
+{
+  "id": "CVE-2025-21655",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2025-01-20T14:15:27.027",
+  "lastModified": "2025-01-20T14:15:27.027",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/eventfd: ensure io_eventfd_signal() defers another RCU period\n\nio_eventfd_do_signal() is invoked from an RCU callback, but when\ndropping the reference to the io_ev_fd, it calls io_eventfd_free()\ndirectly if the refcount drops to zero. This isn't correct, as any\npotential freeing of the io_ev_fd should be deferred another RCU grace\nperiod.\n\nJust call io_eventfd_put() rather than open-code the dec-and-test and\nfree, which will correctly defer it another RCU grace period."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/6b63308c28987c6010b1180c72a6db4df6c68033",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/8efff2aa2d95dc437ab67c5b4a9f1d3f367baa10",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/a7085c3ae43b86d4b3d1b8275e6a67f14257e3b7",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/c9a40292a44e78f71258b8522655bffaf5753bdb",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24337.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24337.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-24337",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-01-20T14:15:27.130",
+  "lastModified": "2025-01-20T14:15:27.130",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.4,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@mitre.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-281"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/writefreely/writefreely/releases/tag/v0.15.1",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://raphus.social/@TV4Fun/113846757112643161",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.openwall.com/lists/oss-security/2025/01/18/1",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-01-20T13:00:32.644066+00:00
+2025-01-20T15:00:43.583255+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-01-20T12:15:23.563000+00:00
+2025-01-20T14:15:27.130000+00:00
 ```

 ### Last Data Feed Release
@ -33,21 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-278138
+278141
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `3`

- [CVE-2023-52923](CVE-2023/CVE-2023-529xx/CVE-2023-52923.json) (`2025-01-20T11:15:07.670`)
- [CVE-2025-0479](CVE-2025/CVE-2025-04xx/CVE-2025-0479.json) (`2025-01-20T12:15:23.563`)
+- [CVE-2024-13176](CVE-2024/CVE-2024-131xx/CVE-2024-13176.json) (`2025-01-20T14:15:26.247`)
+- [CVE-2025-21655](CVE-2025/CVE-2025-216xx/CVE-2025-21655.json) (`2025-01-20T14:15:27.027`)
+- [CVE-2025-24337](CVE-2025/CVE-2025-243xx/CVE-2025-24337.json) (`2025-01-20T14:15:27.130`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+- [CVE-2025-0479](CVE-2025/CVE-2025-04xx/CVE-2025-0479.json) (`2025-01-20T12:15:23.563`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -240534,7 +240534,7 @@ CVE-2023-5292,0,0,053cd6bdc838ec8e58310af23c6d4e5e608dfbec5f41437eefe04e4d3a1ca9
 CVE-2023-52920,0,0,d3f31fdc95b4a67b67ed332bc8577a6c103a6cc3b65bec1715fea71c281674f5,2025-01-09T16:15:35.587000
 CVE-2023-52921,0,0,db860eb263bc8c980e12e17429a087c45572e4c4d54038923230b290b9052477,2024-12-11T15:15:07.307000
 CVE-2023-52922,0,0,0257647582c181cfc3c3426a0282aca59fe8801f0370a44aec6ca0f680b7f26b,2024-12-11T15:15:07.500000
-CVE-2023-52923,1,1,d6676aab56cdab922319c7ca254c484f6213bbcaf2adfcccdb688c34a513a679,2025-01-20T11:15:07.670000
+CVE-2023-52923,0,0,d6676aab56cdab922319c7ca254c484f6213bbcaf2adfcccdb688c34a513a679,2025-01-20T11:15:07.670000
 CVE-2023-5293,0,0,9b2cea486d7a7f42acc94669701d574bcf5844db44201d8d4650d958cfdded9f,2024-11-21T08:41:28.027000
 CVE-2023-5294,0,0,3f7d530e6cf9dcdc204d5438393ed0130f08c33ee485c7c9370aa028c9815d14,2024-11-21T08:41:28.180000
 CVE-2023-52943,0,0,f6ed6bafa02a627fd8483d5444c81747a611e4e8a768a1c76804639f41008cc5,2024-12-04T07:15:04.033000
@ -245866,6 +245866,7 @@ CVE-2024-13170,0,0,64bb0fa3762d809dad101b4ba885fcca0dd1d305c82c02d70bc824e02b59a
 CVE-2024-13171,0,0,699657c265d040f82de898618a447265bb42e4c5f15629b32474eb0a58331d80,2025-01-14T18:15:28.913000
 CVE-2024-13172,0,0,4be3076bfc8edd49ff4de334b04e8f62cacb071216b0af58069e07996765e5eb,2025-01-14T18:15:29.110000
 CVE-2024-13173,0,0,052d5e11a0e6d41f18ffe50cc98d7e8fa992f332fedcf8acc482d2ed982cfbb4,2025-01-08T15:15:16.577000
+CVE-2024-13176,1,1,4bd3835003083840e0d94013ca7c4cc86ae657db5df653a04b8452759ff8ce57,2025-01-20T14:15:26.247000
 CVE-2024-13179,0,0,9d2a982b824c67bbacd2e3f4856194d80faa53a9ffb503fdbd054d373079f25f,2025-01-16T21:01:38.177000
 CVE-2024-1318,0,0,8468ceebf6c6c9f41014d2f5941b790bd61167061813191d7b8edcc4ba43bbca,2024-12-31T16:56:50.763000
 CVE-2024-13180,0,0,d8eed302f18bf4ce52a1f3c3aecacb18daed8ee47876692255a4c4adf22e5203,2025-01-16T21:01:52.650000
@ -277276,7 +277277,7 @@ CVE-2025-0472,0,0,0f40580898fe8da8d58e11b525a8aafe4140ddc85dd699a671742e2ebf135a
 CVE-2025-0473,0,0,1dd10a9273539100ae454eabb570ef30f5a1ca54c056c49681717a1070ea05e3,2025-01-16T13:15:07.540000
 CVE-2025-0474,0,0,82177afd4a03f9b6718aa062961dc28425e1582c17c2ed083ad764687f417f46,2025-01-14T19:15:32.930000
 CVE-2025-0476,0,0,d5dedaf074b8e1ffdbcdfb09b37c5419fb4718d4a0a50274a1a3fdd85de6ca12,2025-01-16T00:15:25.217000
-CVE-2025-0479,1,1,bfdb6d7866a82a63111bbbaa015c4aaeff93a67309b3b4a1b57ed4608f112774,2025-01-20T12:15:23.563000
+CVE-2025-0479,0,1,6e614cded5f343ee5bef56c97dfc84718ef3f3e1c55cd2c6a9e5eb3afc8bed99,2025-01-20T12:15:23.563000
 CVE-2025-0480,0,0,0cb09a8f6ce0b89170992f0c154f24058b4f34598442baf21a60641247a52751,2025-01-15T18:15:24.457000
 CVE-2025-0481,0,0,ea23d14dcc3acce7aaf6b481730febc16b60b2cfb742b3ce32274b3236e29b50,2025-01-15T19:15:26.807000
 CVE-2025-0482,0,0,51755e11e1fe85bcdf8c3ef7c747a7a90c189e81d239d3c797b168fc9a111599,2025-01-15T21:15:14.653000
@ -277581,6 +277582,7 @@ CVE-2025-21651,0,0,08b0d285d803ce14ca95c51ff0bb6822af7a1dfa543a30bb044ccb678d352
 CVE-2025-21652,0,0,781ce4cdff4e60cfb6f8b0eb373b8634b7b2c8bf54de4c678c30aac3d57ceb30,2025-01-19T11:15:10.830000
 CVE-2025-21653,0,0,f32ca4f34b7bccc36e5debfdf592df2ad87aa1a93c5b7257a97a73e494c6108b,2025-01-19T11:15:10.940000
 CVE-2025-21654,0,0,1e4de08a34cab5d4b4d5c6f2cdca90847554e3952c3a83e001ff2672952d2415,2025-01-19T11:15:11.040000
+CVE-2025-21655,1,1,e5a98c6155ef95beaa77c8f70c04ef1a52b9c9b57ffc8aa737b1a8a15dabbd07,2025-01-20T14:15:27.027000
 CVE-2025-22130,0,0,a71c51c8237898c4394724aa5ef423b90094196082b564075e1f1cf6c2992343,2025-01-08T16:15:38.543000
 CVE-2025-22132,0,0,92f694afc6ce174171da36824da367c743ab8d73a418a3347309264d0570fa9a,2025-01-07T22:15:31.590000
 CVE-2025-22133,0,0,32df1a7a06703aea1606771b300b1836f84903a2a4b183527a9471791c589465,2025-01-08T15:15:21.727000
@ -278137,3 +278139,4 @@ CVE-2025-23961,0,0,36c0da688ed3e8548f86716b57ea278db435c869e71f4caf3f9de5e686946
 CVE-2025-23962,0,0,38c72a66f748d246b44f5351bf9ff0f3b3815cc4926f227945695c33eaf96317,2025-01-16T21:15:37.730000
 CVE-2025-23963,0,0,b25e75626ec56255a41425e6f3edd3e3aea1c19b7ee658d0d0b26b28ec1f0c5c,2025-01-16T21:15:37.873000
 CVE-2025-23965,0,0,53fb1e10aaa7ebd57bd7f00633a90cd803f03e00b4bc8c44e50c428b42627500,2025-01-16T21:15:38.023000
+CVE-2025-24337,1,1,07d30bbea6dfa209bcd4c6bc43756d477d6586721f50f7d7909041753d5deb68,2025-01-20T14:15:27.130000