admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-01-10T13:00:20.068473+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-01-10 13:03:44 +00:00
parent 7e9bc809a7
commit 8550342296
10 changed files with 153 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
CVE-2024/CVE-2024-133xx/CVE-2024-13318.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13318",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-10T12:15:24.257",
"lastModified": "2025-01-10T12:15:24.257",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-463"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/essential-wp-real-estate/trunk/src/Common/Ajax/Ajax.php#L724",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a1a9e22-d174-43fc-aab6-f6968067a290?source=cve",
"source": "security@wordfence.com"
}
]
}

10
CVE-2024/CVE-2024-561xx/CVE-2024-56113.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-56113",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-09T20:15:39.603",
"lastModified": "2025-01-09T20:15:39.603",
"lastModified": "2025-01-10T11:15:06.967",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page."
},
{
"lang": "es",
"value": "Smart Toilet Lab - Motius 1.3.11 se ejecuta con el modo de depuraci\u00f3n activado (DEBUG = True) y expone informaci\u00f3n confidencial definida en el archivo de configuraci\u00f3n de Django a trav\u00e9s de una p\u00e1gina de error detallada."
}
],
"metrics": {},
@ -16,10 +20,6 @@
{
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56113",
"source": "cve@mitre.org"
},
{
"url": "https://smarttoilet.pratt.duke.edu",
"source": "cve@mitre.org"
}
]
}

4
CVE-2024/CVE-2024-563xx/CVE-2024-56310.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-56310",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-22T21:15:16.433",
"lastModified": "2024-12-24T03:15:07.440",
"lastModified": "2025-01-10T11:15:08.653",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "REDCap through 15.0.0 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent."
"value": "REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-563xx/CVE-2024-56311.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-56311",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-22T21:15:16.600",
"lastModified": "2024-12-24T03:15:07.607",
"lastModified": "2025-01-10T11:15:09.013",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "REDCap through 15.0.0 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent."
"value": "REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-563xx/CVE-2024-56312.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-56312",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-22T22:15:05.630",
"lastModified": "2024-12-24T03:15:07.770",
"lastModified": "2025-01-10T11:15:09.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
"value": "A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-563xx/CVE-2024-56313.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-56313",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-22T22:15:06.540",
"lastModified": "2024-12-24T03:15:07.927",
"lastModified": "2025-01-10T11:15:09.473",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
"value": "A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-563xx/CVE-2024-56314.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-56314",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-22T22:15:06.670",
"lastModified": "2024-12-24T03:15:08.083",
"lastModified": "2025-01-10T11:15:09.813",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
"value": "A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
},
{
"lang": "es",

56
CVE-2025/CVE-2025-230xx/CVE-2025-23016.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-23016",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-10T12:15:25.480",
"lastModified": "2025-01-10T12:15:25.480",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://github.com/FastCGI-Archives/fcgi2/issues/67",
"source": "cve@mitre.org"
}
]
}

18
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-01-10T09:00:31.532513+00:00
2025-01-10T13:00:20.068473+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-01-10T08:15:25.967000+00:00
2025-01-10T12:15:25.480000+00:00
```
### Last Data Feed Release
@ -33,21 +33,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
276618
276620
```
### CVEs added in the last Commit
Recently added CVEs: `2`
- [CVE-2024-13183](CVE-2024/CVE-2024-131xx/CVE-2024-13183.json) (`2025-01-10T08:15:25.967`)
- [CVE-2025-0311](CVE-2025/CVE-2025-03xx/CVE-2025-0311.json) (`2025-01-10T07:15:08.507`)
- [CVE-2024-13318](CVE-2024/CVE-2024-133xx/CVE-2024-13318.json) (`2025-01-10T12:15:24.257`)
- [CVE-2025-23016](CVE-2025/CVE-2025-230xx/CVE-2025-23016.json) (`2025-01-10T12:15:25.480`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `6`
- [CVE-2024-56113](CVE-2024/CVE-2024-561xx/CVE-2024-56113.json) (`2025-01-10T11:15:06.967`)
- [CVE-2024-56310](CVE-2024/CVE-2024-563xx/CVE-2024-56310.json) (`2025-01-10T11:15:08.653`)
- [CVE-2024-56311](CVE-2024/CVE-2024-563xx/CVE-2024-56311.json) (`2025-01-10T11:15:09.013`)
- [CVE-2024-56312](CVE-2024/CVE-2024-563xx/CVE-2024-56312.json) (`2025-01-10T11:15:09.247`)
- [CVE-2024-56313](CVE-2024/CVE-2024-563xx/CVE-2024-56313.json) (`2025-01-10T11:15:09.473`)
- [CVE-2024-56314](CVE-2024/CVE-2024-563xx/CVE-2024-56314.json) (`2025-01-10T11:15:09.813`)
## Download and Usage

18
_state.csv
View File

@ -245688,7 +245688,7 @@ CVE-2024-1316,0,0,ec6b544cc876a8479e8de890063434d877e95d2641a1a8c864b5c959e6dbfa
CVE-2024-1317,0,0,a1d296c91e245cb27c998bff4f84250fb1101a61ebac429b7ce35a2ceb239c73,2024-12-31T16:57:11.080000
CVE-2024-13173,0,0,f1a33d2e3c9b2cf91c9a53b07743d77111624711ca1e4fa83f21d1b344cad8f0,2025-01-08T15:15:16.577000
CVE-2024-1318,0,0,875ffbabaf295988fe72077a5574dbe20799a2a8618e7dc53ba31731145c671a,2024-12-31T16:56:50.763000
CVE-2024-13183,1,1,c06710e484599292530472624034ea6f4353648e49c8ce38c9e19589a75e8e8d,2025-01-10T08:15:25.967000
CVE-2024-13183,0,0,c06710e484599292530472624034ea6f4353648e49c8ce38c9e19589a75e8e8d,2025-01-10T08:15:25.967000
CVE-2024-13185,0,0,309623867cf2a365ccf0f9b8bad47d56d8813a4020c9e23dc24fdd83b6361ef7,2025-01-08T15:15:17.163000
CVE-2024-13186,0,0,ab68464e9eb8c64ef77f66273b4531bf06ac11994ab182c60b128be5d808b9b1,2025-01-08T14:15:26.227000
CVE-2024-13187,0,0,22a296a0fc204e7fb6d468d261ef96cb75ee85392fddddbfd453c9e83d5a5443,2025-01-08T21:15:11.973000
@ -245803,6 +245803,7 @@ CVE-2024-1331,0,0,b8018aa4d406613d3ec27aefa47c4e3b21af15db4ddfb753850f1de6f3ba1f
CVE-2024-13310,0,0,828595479473c57046eae2d88e9bebe5779d22e1ddcc647a3202516ea6a2fd94,2025-01-09T21:15:28.867000
CVE-2024-13311,0,0,5da93e28a2521be5f63a8dbbc23284ef7a19ffd55e0f6504c5157fe570c5e04a,2025-01-09T21:15:28.970000
CVE-2024-13312,0,0,1bd9e55909ab519ba7f4fe1fa840585567d93c745790513daa4387247d8a931f,2025-01-09T21:15:29.077000
CVE-2024-13318,1,1,2d22b5226ac3ff62b5ca8e6b40ee6cf0bfbbb39ed5cd8f63c78d6f4839a7b126,2025-01-10T12:15:24.257000
CVE-2024-1332,0,0,43a2cb0465d1ed7fa77b51d32b9ef650ccc5cd8e8f972f53915014a8e37bc428,2024-11-21T08:50:21.220000
CVE-2024-1333,0,0,7e67218d34e52c77cd12091eb7bec4820751f8a3faacd15e7977a33b9d658d65,2024-11-21T08:50:21.337000
CVE-2024-1334,0,0,8823bf53da4897f18ca7daefd05e524ce4cfc11c398467ab7dbcaff8bf5ff61a,2024-12-31T16:48:40.290000
@ -272096,7 +272097,7 @@ CVE-2024-5609,0,0,4c03a855f07c8ea18d8e7a70e1e2d3467f32254daea5abf62f130fb919fa93
CVE-2024-5610,0,0,c876fccd541dbbe5edac90b3257f7d2b3efde4d5bff83326921f06d03b7a383e,2025-01-08T23:15:09.653000
CVE-2024-5611,0,0,52c51c7a288f3c0ab122ffc809ef2624c3045fff37cac024f8608d70739aac41,2024-11-21T09:48:00.920000
CVE-2024-56112,0,0,9c37554a9e3e8121be632deb2b2e9ed13eeb0233b63a1c1f431c838fba55a392,2024-12-16T16:15:10.313000
CVE-2024-56113,0,0,22e3565988ff4046d5c46e3365d34dfe7a115e834a14a63e0823ad57a0ef8391,2025-01-09T20:15:39.603000
CVE-2024-56113,0,1,278a6e6ab2481c94ab7524ce87a33bb2018b745bd905912a96a1db1978e8031a,2025-01-10T11:15:06.967000
CVE-2024-56114,0,0,f02c2ad4d7ecf61e5fdce904c466ce41d4413b0292bff9e1ea986774cc1bdbf2,2025-01-09T20:15:39.730000
CVE-2024-56115,0,0,ccfdd8ee6f18e71a09e80e77c239dd784626f96d64ab8285164962abb0ea0b53,2024-12-31T20:16:07.903000
CVE-2024-56116,0,0,5e9e1abf1b4a263f6e9c895ad87cdc1730c02159e6e176fd37997ee62e12a317,2024-12-31T20:16:08.107000
@ -272229,11 +272230,11 @@ CVE-2024-5630,0,0,50874e31f2d6c9403bb3dbaf933b8b3f439196ea7c18b531eba9bc061324fe
CVE-2024-56300,0,0,6531f60bb6fc7d50575450a241ba60ed46e028300b5a029de0cff1df022f04a0,2025-01-07T11:15:13.117000
CVE-2024-56302,0,0,3cc2e63549a8e725e4b4c7af568502951e05c6a235ad3d0ca614770a8ee20a50,2025-01-02T12:15:28.753000
CVE-2024-5631,0,0,2a74e658158bae900a85436e92fd017c375ea2371e9ccb7b5a67e7bbd481f6b3,2024-11-21T09:48:03.210000
CVE-2024-56310,0,0,52fb9787ce6d270fefb09f2575978be0fb95a84a154a0887a6718d274c54ad79,2024-12-24T03:15:07.440000
CVE-2024-56311,0,0,089d97332acc5f211988eed9d3b59059f55f7a6e9ca155ec1e51c7ffd258edf8,2024-12-24T03:15:07.607000
CVE-2024-56312,0,0,cb86205520ef5db7c914d1a75ac3f5ba74360f863545f19038e07f9bcdb0703c,2024-12-24T03:15:07.770000
CVE-2024-56313,0,0,77b550409f008b252773269f5c3c808c73df4beef9ebd650c5ec3a7771cae57b,2024-12-24T03:15:07.927000
CVE-2024-56314,0,0,6df7fe51a54001b033f35cf71e56a8c8648fba9702436f5b14cd4bfc37c84ea1,2024-12-24T03:15:08.083000
CVE-2024-56310,0,1,504b7fd666c1442286d54f55944c462eb51c7dceeef2927a27ef8634036e0670,2025-01-10T11:15:08.653000
CVE-2024-56311,0,1,0fb6f784b8a8cc3318a4ec09eabe897a0e752ba205a029044e65704238710e9e,2025-01-10T11:15:09.013000
CVE-2024-56312,0,1,f1adcf4197c797fe6b0a1a46304cbf2fb405f674e8a600f4a69a2ccfe8c946c9,2025-01-10T11:15:09.247000
CVE-2024-56313,0,1,7176f6e1d9bab96e7128ca03a4b53189ba7debb87ff8c6ca0ec580b125042fd7,2025-01-10T11:15:09.473000
CVE-2024-56314,0,1,b20290da5b4efb3d1b1801c53835b488ea1202340e3c12eab424b3c4f6bfeabb,2025-01-10T11:15:09.813000
CVE-2024-56317,0,0,8d6cb761ec1de8db3f8894652188d82bc1e600feec839db7f7746cdf2c5b129d,2025-01-02T20:16:06.723000
CVE-2024-56318,0,0,4614542827deff1ff7fc917535aa016ec46ffc813ff98610f6d274ec4b4e2e50,2025-01-02T20:16:06.917000
CVE-2024-56319,0,0,28ca3f0845265026262f805138452dcd32240d1eb92a7bdb1a246f385a35fe7a,2024-12-31T20:16:08.380000
@ -276378,7 +276379,7 @@ CVE-2025-0299,0,0,46c993a70c9dd5843cd4dc3486123b8f79f076cb607c745df442454088b3fb
CVE-2025-0300,0,0,6462b093b202cdda5c643638789beb08104cb14d8ff95eb1f2f740fecb0f8630,2025-01-07T17:15:32.090000
CVE-2025-0301,0,0,db7e09db06a3c89075ef99c6e0773ce8d9b6391802870d788b13b4dc1d994dbc,2025-01-07T18:15:21.460000
CVE-2025-0306,0,0,b68f04c884b94c2988081809303425e8fc9d9a1826584b2811a6c0892a02e108,2025-01-09T04:15:13
CVE-2025-0311,1,1,de58302344eaf2d5f19c5a918661bf308f3794fc22c5bdd8fec6bf58451dfe49,2025-01-10T07:15:08.507000
CVE-2025-0311,0,0,de58302344eaf2d5f19c5a918661bf308f3794fc22c5bdd8fec6bf58451dfe49,2025-01-10T07:15:08.507000
CVE-2025-0328,0,0,511489195998b544d95e473f59edc225df3f03b898b8949ae54b7be85757b835,2025-01-09T17:15:17.330000
CVE-2025-0331,0,0,5d1653aab10b087569df4f8a29838e92935196f68c8f8116069a88ef7b3aacf8,2025-01-09T17:15:17.933000
CVE-2025-0333,0,0,2629a2f610016a17e720ebc1880354665b0ae5926a217965d584deca7c3f405b,2025-01-09T17:15:18.077000
@ -276617,3 +276618,4 @@ CVE-2025-22823,0,0,3cb7eb88e447de51bff31c745363425ef76d647ead034c7dcc7937c26e7a2
CVE-2025-22824,0,0,5fa10c72f2f35c9e6ef05d40ca4cfa4e3b7c835fa36365c8ed7a7e09e9b30683,2025-01-09T16:16:32.893000
CVE-2025-22826,0,0,332ad518891412cb4c6c16f7ba7d02f766b23d1581d77bb741cc4eabe620f85e,2025-01-09T16:16:33.047000
CVE-2025-22827,0,0,b5e1199d90422b236ce828e6fe5f814f4ca97d3be889a387ee962fd6e98a8505,2025-01-09T16:16:33.200000
CVE-2025-23016,1,1,1c67a63f9a41740f8d4af81b34c85e6f74b5ff1f143c072a8b498d13d3f6a8c5,2025-01-10T12:15:25.480000

Can't render this file because it is too large.