diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10237.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10237.json new file mode 100644 index 00000000000..3517c00d3f0 --- /dev/null +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10237.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10237", + "sourceIdentifier": "def9a96e-e099-41a9-bfac-30fd4f82c411", + "published": "2025-02-04T08:15:27.920", + "lastModified": "2025-02-04T08:15:27.920", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "There is a vulnerability in the BMC firmware image authentication design \n\n at Supermicro MBD-X12DPG-OA6\n\n. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "def9a96e-e099-41a9-bfac-30fd4f82c411", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "def9a96e-e099-41a9-bfac-30fd4f82c411", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-345" + }, + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "references": [ + { + "url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025", + "source": "def9a96e-e099-41a9-bfac-30fd4f82c411" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10238.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10238.json new file mode 100644 index 00000000000..8cb9c08b5ec --- /dev/null +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10238.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-10238", + "sourceIdentifier": "def9a96e-e099-41a9-bfac-30fd4f82c411", + "published": "2025-02-04T08:15:28.280", + "lastModified": "2025-02-04T08:15:28.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A security issue in the firmware image verification implementation \n\n at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow is caused by not checking fld->used_bytes." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "def9a96e-e099-41a9-bfac-30fd4f82c411", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "def9a96e-e099-41a9-bfac-30fd4f82c411", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025", + "source": "def9a96e-e099-41a9-bfac-30fd4f82c411" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10239.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10239.json new file mode 100644 index 00000000000..1fbeea0f2db --- /dev/null +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10239.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-10239", + "sourceIdentifier": "def9a96e-e099-41a9-bfac-30fd4f82c411", + "published": "2025-02-04T08:15:28.430", + "lastModified": "2025-02-04T08:15:28.430", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A security issue in the firmware image verification implementation at Supermicro\u00a0MBD-X12DPG-OA6\u00a0. An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "def9a96e-e099-41a9-bfac-30fd4f82c411", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "def9a96e-e099-41a9-bfac-30fd4f82c411", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025", + "source": "def9a96e-e099-41a9-bfac-30fd4f82c411" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12046.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12046.json new file mode 100644 index 00000000000..27995c164a9 --- /dev/null +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12046.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-12046", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-04T08:15:28.583", + "lastModified": "2025-02-04T08:15:28.583", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of draft, pending, and private posts." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/medical-addon-for-elementor/trunk/elementor/lib/lib.php#L12", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/medical-addon-for-elementor/trunk/elementor/lib/lib.php#L24", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3230459/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5f4c4ec-bdb5-4f27-8ee3-060de9b62502?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12597.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12597.json new file mode 100644 index 00000000000..ec3b763742c --- /dev/null +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12597.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12597", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-04T07:15:12.520", + "lastModified": "2025-02-04T07:15:12.520", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_css' and 'inner_css' parameters in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3209697/ht-mega-for-elementor", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17f12e75-0bb6-48ed-9ba2-17caab268d61?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13514.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13514.json new file mode 100644 index 00000000000..ab92e212620 --- /dev/null +++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13514.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13514", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-04T08:15:28.777", + "lastModified": "2025-02-04T08:15:28.777", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3228644/b-slider/trunk/custom-post.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0ab9274-35c8-473b-accb-602e53816528?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-136xx/CVE-2024-13607.json b/CVE-2024/CVE-2024-136xx/CVE-2024-13607.json new file mode 100644 index 00000000000..9c955f83688 --- /dev/null +++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13607.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-13607", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-04T07:15:12.973", + "lastModified": "2025-02-04T07:15:12.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.8/modules/gdpr/controller.php#L110", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3230977/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3f57fbbc-ed5a-4452-bd8a-6fc0a4536d76?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20881.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20881.json new file mode 100644 index 00000000000..e1b962719c3 --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20881.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20881", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:28.957", + "lastModified": "2025-02-04T08:15:28.957", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20882.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20882.json new file mode 100644 index 00000000000..b137ba1fcc7 --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20882.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20882", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:29.097", + "lastModified": "2025-02-04T08:15:29.097", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20883.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20883.json new file mode 100644 index 00000000000..b02a3b71a9e --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20883.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20883", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:29.210", + "lastModified": "2025-02-04T08:15:29.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20884.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20884.json new file mode 100644 index 00000000000..7aad8633db3 --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20884.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20884", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:29.340", + "lastModified": "2025-02-04T08:15:29.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20885.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20885.json new file mode 100644 index 00000000000..c1937913a3d --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20885.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20885", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:29.463", + "lastModified": "2025-02-04T08:15:29.463", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds write in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20886.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20886.json new file mode 100644 index 00000000000..65aedbf4a9e --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20886.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20886", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:29.597", + "lastModified": "2025-02-04T08:15:29.597", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Inclusion of sensitive information in test code in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.5, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20887.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20887.json new file mode 100644 index 00000000000..3ee02d4cccb --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20887.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20887", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:29.720", + "lastModified": "2025-02-04T08:15:29.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.0, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20888.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20888.json new file mode 100644 index 00000000000..11ff75d55d6 --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20888.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20888", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:29.847", + "lastModified": "2025-02-04T08:15:29.847", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20889.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20889.json new file mode 100644 index 00000000000..2624b1ccd9f --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20889.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20889", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:29.983", + "lastModified": "2025-02-04T08:15:29.983", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.0, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20890.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20890.json new file mode 100644 index 00000000000..d875d726895 --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20890.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20890", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:30.140", + "lastModified": "2025-02-04T08:15:30.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20891.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20891.json new file mode 100644 index 00000000000..948970eff82 --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20891.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20891", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:30.283", + "lastModified": "2025-02-04T08:15:30.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.0, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20892.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20892.json new file mode 100644 index 00000000000..727991a29b7 --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20892.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20892", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:30.407", + "lastModified": "2025-02-04T08:15:30.407", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20893.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20893.json new file mode 100644 index 00000000000..162d4aa1dcb --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20893.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20893", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:30.537", + "lastModified": "2025-02-04T08:15:30.537", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20894.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20894.json new file mode 100644 index 00000000000..b4348b936ad --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20894.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20894", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:30.673", + "lastModified": "2025-02-04T08:15:30.673", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20895.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20895.json new file mode 100644 index 00000000000..bb6c9cea68d --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20895.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20895", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:30.827", + "lastModified": "2025-02-04T08:15:30.827", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 3.2, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.7, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20896.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20896.json new file mode 100644 index 00000000000..6d1879534f1 --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20896.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20896", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:30.973", + "lastModified": "2025-02-04T08:15:30.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use of implicit intent for sensitive communication in EasySetup prior to version 11.1.18 allows local attackers to access sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.0, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20897.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20897.json new file mode 100644 index 00000000000..bddf323dcb6 --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20897.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20897", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:31.123", + "lastModified": "2025-02-04T08:15:31.123", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.5, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20898.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20898.json new file mode 100644 index 00000000000..7d647aa74db --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20898.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20898", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:31.270", + "lastModified": "2025-02-04T08:15:31.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-208xx/CVE-2025-20899.json b/CVE-2025/CVE-2025-208xx/CVE-2025-20899.json new file mode 100644 index 00000000000..7bf100e7813 --- /dev/null +++ b/CVE-2025/CVE-2025-208xx/CVE-2025-20899.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20899", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:31.407", + "lastModified": "2025-02-04T08:15:31.407", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.0, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-209xx/CVE-2025-20900.json b/CVE-2025/CVE-2025-209xx/CVE-2025-20900.json new file mode 100644 index 00000000000..61bebbb47b7 --- /dev/null +++ b/CVE-2025/CVE-2025-209xx/CVE-2025-20900.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20900", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:31.573", + "lastModified": "2025-02-04T08:15:31.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.5 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-209xx/CVE-2025-20901.json b/CVE-2025/CVE-2025-209xx/CVE-2025-20901.json new file mode 100644 index 00000000000..8c24c1b45ea --- /dev/null +++ b/CVE-2025/CVE-2025-209xx/CVE-2025-20901.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20901", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:31.707", + "lastModified": "2025-02-04T08:15:31.707", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-209xx/CVE-2025-20902.json b/CVE-2025/CVE-2025-209xx/CVE-2025-20902.json new file mode 100644 index 00000000000..dcff8c33b91 --- /dev/null +++ b/CVE-2025/CVE-2025-209xx/CVE-2025-20902.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20902", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:31.857", + "lastModified": "2025-02-04T08:15:31.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper access control in Media Controller prior to version 1.0.24.5282 allows local attacker to launch activities in MediaController's privilege." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=01", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-209xx/CVE-2025-20904.json b/CVE-2025/CVE-2025-209xx/CVE-2025-20904.json new file mode 100644 index 00000000000..5516ff5fd73 --- /dev/null +++ b/CVE-2025/CVE-2025-209xx/CVE-2025-20904.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20904", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:32.010", + "lastModified": "2025-02-04T08:15:32.010", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.5 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-209xx/CVE-2025-20905.json b/CVE-2025/CVE-2025-209xx/CVE-2025-20905.json new file mode 100644 index 00000000000..1236f7e4c6f --- /dev/null +++ b/CVE-2025/CVE-2025-209xx/CVE-2025-20905.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20905", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:32.130", + "lastModified": "2025-02-04T08:15:32.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.5 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-209xx/CVE-2025-20906.json b/CVE-2025/CVE-2025-209xx/CVE-2025-20906.json new file mode 100644 index 00000000000..61994c1b287 --- /dev/null +++ b/CVE-2025/CVE-2025-209xx/CVE-2025-20906.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20906", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:32.263", + "lastModified": "2025-02-04T08:15:32.263", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-209xx/CVE-2025-20907.json b/CVE-2025/CVE-2025-209xx/CVE-2025-20907.json new file mode 100644 index 00000000000..64d978bdb6b --- /dev/null +++ b/CVE-2025/CVE-2025-209xx/CVE-2025-20907.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-20907", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2025-02-04T08:15:32.403", + "lastModified": "2025-02-04T08:15:32.403", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 6.0, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 4.0 + } + ] + }, + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=02", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22204.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22204.json new file mode 100644 index 00000000000..f4101cea28e --- /dev/null +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22204.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-22204", + "sourceIdentifier": "security@joomla.org", + "published": "2025-02-04T08:15:32.563", + "lastModified": "2025-02-04T08:15:32.563", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 lead to a remote code execution vulnerability." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@joomla.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://regularlabs.com/sourcerer", + "source": "security@joomla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22205.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22205.json new file mode 100644 index 00000000000..edefbc79584 --- /dev/null +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22205.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-22205", + "sourceIdentifier": "security@joomla.org", + "published": "2025-02-04T08:15:32.703", + "lastModified": "2025-02-04T08:15:32.703", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@joomla.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "http://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-gallery", + "source": "security@joomla.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 2dd7b06009f..26c85962b79 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-04T07:00:22.782541+00:00 +2025-02-04T09:00:48.772813+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-04T06:15:30.160000+00:00 +2025-02-04T08:15:32.703000+00:00 ``` ### Last Data Feed Release @@ -33,26 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -279963 +279998 ``` ### CVEs added in the last Commit -Recently added CVEs: `13` +Recently added CVEs: `35` -- [CVE-2024-13114](CVE-2024/CVE-2024-131xx/CVE-2024-13114.json) (`2025-02-04T06:15:27.627`) -- [CVE-2024-13115](CVE-2024/CVE-2024-131xx/CVE-2024-13115.json) (`2025-02-04T06:15:28.987`) -- [CVE-2024-13325](CVE-2024/CVE-2024-133xx/CVE-2024-13325.json) (`2025-02-04T06:15:29.103`) -- [CVE-2024-13326](CVE-2024/CVE-2024-133xx/CVE-2024-13326.json) (`2025-02-04T06:15:29.227`) -- [CVE-2024-13327](CVE-2024/CVE-2024-133xx/CVE-2024-13327.json) (`2025-02-04T06:15:29.337`) -- [CVE-2024-13328](CVE-2024/CVE-2024-133xx/CVE-2024-13328.json) (`2025-02-04T06:15:29.450`) -- [CVE-2024-13329](CVE-2024/CVE-2024-133xx/CVE-2024-13329.json) (`2025-02-04T06:15:29.560`) -- [CVE-2024-13330](CVE-2024/CVE-2024-133xx/CVE-2024-13330.json) (`2025-02-04T06:15:29.683`) -- [CVE-2024-13331](CVE-2024/CVE-2024-133xx/CVE-2024-13331.json) (`2025-02-04T06:15:29.807`) -- [CVE-2024-13332](CVE-2024/CVE-2024-133xx/CVE-2024-13332.json) (`2025-02-04T06:15:29.917`) -- [CVE-2025-0368](CVE-2025/CVE-2025-03xx/CVE-2025-0368.json) (`2025-02-04T06:15:30.037`) -- [CVE-2025-0466](CVE-2025/CVE-2025-04xx/CVE-2025-0466.json) (`2025-02-04T06:15:30.160`) -- [CVE-2025-24982](CVE-2025/CVE-2025-249xx/CVE-2025-24982.json) (`2025-02-04T05:15:10.543`) +- [CVE-2025-20884](CVE-2025/CVE-2025-208xx/CVE-2025-20884.json) (`2025-02-04T08:15:29.340`) +- [CVE-2025-20885](CVE-2025/CVE-2025-208xx/CVE-2025-20885.json) (`2025-02-04T08:15:29.463`) +- [CVE-2025-20886](CVE-2025/CVE-2025-208xx/CVE-2025-20886.json) (`2025-02-04T08:15:29.597`) +- [CVE-2025-20887](CVE-2025/CVE-2025-208xx/CVE-2025-20887.json) (`2025-02-04T08:15:29.720`) +- [CVE-2025-20888](CVE-2025/CVE-2025-208xx/CVE-2025-20888.json) (`2025-02-04T08:15:29.847`) +- [CVE-2025-20889](CVE-2025/CVE-2025-208xx/CVE-2025-20889.json) (`2025-02-04T08:15:29.983`) +- [CVE-2025-20890](CVE-2025/CVE-2025-208xx/CVE-2025-20890.json) (`2025-02-04T08:15:30.140`) +- [CVE-2025-20891](CVE-2025/CVE-2025-208xx/CVE-2025-20891.json) (`2025-02-04T08:15:30.283`) +- [CVE-2025-20892](CVE-2025/CVE-2025-208xx/CVE-2025-20892.json) (`2025-02-04T08:15:30.407`) +- [CVE-2025-20893](CVE-2025/CVE-2025-208xx/CVE-2025-20893.json) (`2025-02-04T08:15:30.537`) +- [CVE-2025-20894](CVE-2025/CVE-2025-208xx/CVE-2025-20894.json) (`2025-02-04T08:15:30.673`) +- [CVE-2025-20895](CVE-2025/CVE-2025-208xx/CVE-2025-20895.json) (`2025-02-04T08:15:30.827`) +- [CVE-2025-20896](CVE-2025/CVE-2025-208xx/CVE-2025-20896.json) (`2025-02-04T08:15:30.973`) +- [CVE-2025-20897](CVE-2025/CVE-2025-208xx/CVE-2025-20897.json) (`2025-02-04T08:15:31.123`) +- [CVE-2025-20898](CVE-2025/CVE-2025-208xx/CVE-2025-20898.json) (`2025-02-04T08:15:31.270`) +- [CVE-2025-20899](CVE-2025/CVE-2025-208xx/CVE-2025-20899.json) (`2025-02-04T08:15:31.407`) +- [CVE-2025-20900](CVE-2025/CVE-2025-209xx/CVE-2025-20900.json) (`2025-02-04T08:15:31.573`) +- [CVE-2025-20901](CVE-2025/CVE-2025-209xx/CVE-2025-20901.json) (`2025-02-04T08:15:31.707`) +- [CVE-2025-20902](CVE-2025/CVE-2025-209xx/CVE-2025-20902.json) (`2025-02-04T08:15:31.857`) +- [CVE-2025-20904](CVE-2025/CVE-2025-209xx/CVE-2025-20904.json) (`2025-02-04T08:15:32.010`) +- [CVE-2025-20905](CVE-2025/CVE-2025-209xx/CVE-2025-20905.json) (`2025-02-04T08:15:32.130`) +- [CVE-2025-20906](CVE-2025/CVE-2025-209xx/CVE-2025-20906.json) (`2025-02-04T08:15:32.263`) +- [CVE-2025-20907](CVE-2025/CVE-2025-209xx/CVE-2025-20907.json) (`2025-02-04T08:15:32.403`) +- [CVE-2025-22204](CVE-2025/CVE-2025-222xx/CVE-2025-22204.json) (`2025-02-04T08:15:32.563`) +- [CVE-2025-22205](CVE-2025/CVE-2025-222xx/CVE-2025-22205.json) (`2025-02-04T08:15:32.703`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index c5dd39c3f10..788dea22bc4 100644 --- a/_state.csv +++ b/_state.csv @@ -243569,6 +243569,9 @@ CVE-2024-10231,0,0,1cdb8518034cbde6323ad37f5ecdbdd8647d8b70c51f5e1314952e0041e1b CVE-2024-10232,0,0,0d56e4d1ad2ea7a2574f878dbfab6b288953236c47236ee86211a53fb0dc2629,2024-11-01T12:57:03.417000 CVE-2024-10233,0,0,0f0fa741bc160fc828eb74121d2173934d2af8a73c34c7d13db17f836aa89919,2024-10-29T14:34:04.427000 CVE-2024-10234,0,0,0a07df80914e66d5d85b955c292b2b3cf0e6c594aacdd956ae88b148b50f22c3,2024-10-30T18:50:59.883000 +CVE-2024-10237,1,1,3e80212ff5f5c40e42236d694469de67e6d9f50e29e416e7a88a8c6554c6da50,2025-02-04T08:15:27.920000 +CVE-2024-10238,1,1,e5f901cc6ee53d9d44f97f77e338c72f602d37bfb850598d398cfcd689a16371,2025-02-04T08:15:28.280000 +CVE-2024-10239,1,1,0859b76cdc0da2a15df55553c6d22002bf6d4ef10559f26255ab643edfb52051,2025-02-04T08:15:28.430000 CVE-2024-1024,0,0,2ce6ea613c0f5fbd9eefb91502606b7a8afa5d8203c0988924a996fbe7be9c49,2024-11-21T08:49:37.560000 CVE-2024-10240,0,0,276dba492b8757d4f6f0835618fd41c3d6de1d38b01e674953d2dce8a8014991,2024-12-13T01:37:16.177000 CVE-2024-10241,0,0,fe3dcecfada7c3764490fec385526c423fea05ceb1d8cfae03a9be08ced791ff,2024-10-29T14:34:04.427000 @@ -245193,6 +245196,7 @@ CVE-2024-12041,0,0,47082ba9778a8e8f387e97794ecc83e5026dfc63a3058e5ad0a6682c315b4 CVE-2024-12042,0,0,b4111492e93c9126d488ebee36a5b9ed9603a0917a66407440ec106154a8d6d8,2024-12-13T09:15:07.370000 CVE-2024-12043,0,0,8dc317b6d611bb8c472c7c0709ba034ed66cec5b467ec1dbf0f04d35957a17ee,2025-01-23T11:15:09.147000 CVE-2024-12045,0,0,129733e1a8172f1173193ada9167ebfa92abcbaf9c1c22ab7b433d2b7a56ea29,2025-01-08T08:15:24.683000 +CVE-2024-12046,1,1,e7ff56205e3c5070f85bdbd7cae59fdf29223a19ad24ad75866231852f951e92,2025-02-04T08:15:28.583000 CVE-2024-12047,0,0,8440f971596bd55cff74a4ca413c1e3de197b2701820ea36a0544bdffdfe4e47,2025-01-04T08:15:06.157000 CVE-2024-12049,0,0,42e54420720f33c4562344743dcb6a33224d938ded42006d07df2fa0d0a23306,2025-01-07T05:15:14.147000 CVE-2024-1205,0,0,7a555763b4ee56426377ab020ddc9dc79c7bd15b9be6f5edc39ecd5779b4ad33,2024-11-21T08:50:02.210000 @@ -245658,6 +245662,7 @@ CVE-2024-12593,0,0,f12fc7c4504acf17f37f7c5d482877e9fc93d8c3d7637d26d49c4eec0814f CVE-2024-12594,0,0,594b37b561926a174996b6f220ac2c193da316e698a771fbe44cfee2e4625e76,2024-12-24T06:15:33.297000 CVE-2024-12595,0,0,d10767ce84f7e81d5a6ad487503289a59f4d01b86cd7eb0b224ee74e49237f41,2025-01-06T21:15:14.003000 CVE-2024-12596,0,0,5fc66f30988060a8b7bb1a593c82bd6c3fc2c995268e617c35d93ef410dc9a09,2024-12-18T04:15:08.253000 +CVE-2024-12597,1,1,684699f256f952edb33ed570683bc28447981c03369f85af1dd4e10a06209b6c,2025-02-04T07:15:12.520000 CVE-2024-12598,0,0,2c0e6e211745cf2c8a775604eda102619f7e15adec08efbb58ccc8f252ed3240,2025-01-17T07:15:26.577000 CVE-2024-1260,0,0,237fdcd6650ec6f817190c6cbe0c450181ce5f478e263f9f314859cdec5f8244,2024-11-21T08:50:10.880000 CVE-2024-12600,0,0,9a89f3457143d9699d8148f8e38d980253f87c103b8227ed4c6349cbfe2dc493,2025-01-25T07:15:07.807000 @@ -246062,8 +246067,8 @@ CVE-2024-1311,0,0,2ba6d2321400f10c87ddc27c76143645bc9a4dbe9eea0a653dcae1cf2feda9 CVE-2024-13110,0,0,3af34e021045f1f321eb3e27d67d0cda816b86ed4d944ed6768c463b9396b88e,2025-01-02T14:15:06.240000 CVE-2024-13111,0,0,111a0995b810edb3a95164b3ad0483dc838f87262c9575afeeb4b85a996b26d6,2025-01-02T17:15:08.223000 CVE-2024-13112,0,0,b2cece3e0572e76b3e7c9fbce49d86ef4ba7edc0e4fcfe042ef2b05e125752f6,2025-01-31T16:15:31.320000 -CVE-2024-13114,1,1,e8ad2c6ab8dd4e8cc063bd936ae2d0724a24c69c79144c5b361aca2755720368,2025-02-04T06:15:27.627000 -CVE-2024-13115,1,1,32263a0dc7e500818e20521d0d2776c1ed4ae5b527defa5708c512c87917a07a,2025-02-04T06:15:28.987000 +CVE-2024-13114,0,0,e8ad2c6ab8dd4e8cc063bd936ae2d0724a24c69c79144c5b361aca2755720368,2025-02-04T06:15:27.627000 +CVE-2024-13115,0,0,32263a0dc7e500818e20521d0d2776c1ed4ae5b527defa5708c512c87917a07a,2025-02-04T06:15:28.987000 CVE-2024-13116,0,0,98f3ad6698735710def1c6baf530db546e54e66a9af268d4888f3cbf2c43dee6,2025-02-03T15:15:16.290000 CVE-2024-13117,0,0,48c4c1a0deaa83ed5f11e564cf33aba28b1ea8edfb18de9dc2dbe1b856b27247,2025-02-03T15:15:16.440000 CVE-2024-1312,0,0,d16b3ecc82cd74d4071dc20055eab0a36b43013bc6757c1d62cda1a87b890d59,2024-11-21T08:50:18.020000 @@ -246249,15 +246254,15 @@ CVE-2024-13319,0,0,7991c2dfb6aefea7f96696a61d541e78c477eeff53b34652065a2f9dce798 CVE-2024-1332,0,0,43a2cb0465d1ed7fa77b51d32b9ef650ccc5cd8e8f972f53915014a8e37bc428,2024-11-21T08:50:21.220000 CVE-2024-13323,0,0,efd40c86d011875eb32911cd9900428905ab90bbe91720def3e774b362e547ea,2025-01-14T06:15:15.480000 CVE-2024-13324,0,0,e28b727b7b2e4ff67b104bb8829ddea65c155869cb67c2e17008296310ed866b,2025-01-13T21:15:12.053000 -CVE-2024-13325,1,1,adc5b6ac4e36a66e4124bb979d166795bece8cc8f4ff27cad95ba2d4b8b49c38,2025-02-04T06:15:29.103000 -CVE-2024-13326,1,1,554f061bf45fc5f656eea462248d18e1a2149f9e188e2ceca1e5e31d39f48a2b,2025-02-04T06:15:29.227000 -CVE-2024-13327,1,1,0ce65f9fae6ad044c68ab76647165d239640746b706207c85eee2a2e91c9ffc0,2025-02-04T06:15:29.337000 -CVE-2024-13328,1,1,fd00c307dddf86081b7149978b2b078f9f0db9b73985950aa503e322adbdc3d9,2025-02-04T06:15:29.450000 -CVE-2024-13329,1,1,d245886608a3840e31e6d6b5f75478c40d86e004032b258a4dc0cf4554d309e1,2025-02-04T06:15:29.560000 +CVE-2024-13325,0,0,adc5b6ac4e36a66e4124bb979d166795bece8cc8f4ff27cad95ba2d4b8b49c38,2025-02-04T06:15:29.103000 +CVE-2024-13326,0,0,554f061bf45fc5f656eea462248d18e1a2149f9e188e2ceca1e5e31d39f48a2b,2025-02-04T06:15:29.227000 +CVE-2024-13327,0,0,0ce65f9fae6ad044c68ab76647165d239640746b706207c85eee2a2e91c9ffc0,2025-02-04T06:15:29.337000 +CVE-2024-13328,0,0,fd00c307dddf86081b7149978b2b078f9f0db9b73985950aa503e322adbdc3d9,2025-02-04T06:15:29.450000 +CVE-2024-13329,0,0,d245886608a3840e31e6d6b5f75478c40d86e004032b258a4dc0cf4554d309e1,2025-02-04T06:15:29.560000 CVE-2024-1333,0,0,7e67218d34e52c77cd12091eb7bec4820751f8a3faacd15e7977a33b9d658d65,2024-11-21T08:50:21.337000 -CVE-2024-13330,1,1,1dad346c04c6f7086d20422aad37482969e4340a41d021a4ac7377254c762a72,2025-02-04T06:15:29.683000 -CVE-2024-13331,1,1,3b7359b4576c4b744d22717940eb4dc0c10dad475a10d30a0e9d51c286b1e771,2025-02-04T06:15:29.807000 -CVE-2024-13332,1,1,5474c1f517ea45f82e1e104fea04b728cb1efada9100ff5aefd7f5ea5b54c34b,2025-02-04T06:15:29.917000 +CVE-2024-13330,0,0,1dad346c04c6f7086d20422aad37482969e4340a41d021a4ac7377254c762a72,2025-02-04T06:15:29.683000 +CVE-2024-13331,0,0,3b7359b4576c4b744d22717940eb4dc0c10dad475a10d30a0e9d51c286b1e771,2025-02-04T06:15:29.807000 +CVE-2024-13332,0,0,5474c1f517ea45f82e1e104fea04b728cb1efada9100ff5aefd7f5ea5b54c34b,2025-02-04T06:15:29.917000 CVE-2024-13333,0,0,413ea7e4b64b8aef5dd8714980de1abedc1d4af046b4d782740c89a880443e55,2025-01-17T06:15:15.663000 CVE-2024-13334,0,0,892c3ce546b2f6a66e9e4dfd761dd08aaefb851a17185548e40c2e88d5655747,2025-01-15T04:15:19.720000 CVE-2024-13335,0,0,883609986959eecbf4b52df3f1201d22b952563f6ac4db46fce38bded4906e66,2025-01-24T11:15:07.973000 @@ -246355,6 +246360,7 @@ CVE-2024-13509,0,0,4616681e9925b5001099930aae74cd3c34870295df83ba209474cc01f2631 CVE-2024-1351,0,0,0ee767ddd9bd942759d1902d3186de90141de07710cd1c9cc0aaf86395d89b28,2024-11-21T08:50:23.450000 CVE-2024-13511,0,0,b02305965489bce71acb0a7a938d412546f139d1adc27d90d538d4ecd7183b41,2025-01-23T10:15:07.253000 CVE-2024-13512,0,0,15b524ef140c14d839848665047eaf39bfa9911689193bf2e25f735ef0c619c4,2025-01-31T18:08:22.743000 +CVE-2024-13514,1,1,03526436161440ac301399cbc307440d99717485aec47f63d5d3cc842dabc4f6,2025-02-04T08:15:28.777000 CVE-2024-13515,0,0,aca8f7e0638fd7d821357389659621eb450217319a62bd2c5a959e9c0aea1b39,2025-01-18T06:15:26.410000 CVE-2024-13516,0,0,5ffb65a61f80c9c94522737749ad7061abe4071a127f73ee8fe2d406cf9b6f3f,2025-01-18T06:15:27.627000 CVE-2024-13517,0,0,9d057e77f790f2402e4e040e2e1a67384dda92aec0304812a84e741a1082d2fc,2025-01-18T07:15:09.350000 @@ -246392,6 +246398,7 @@ CVE-2024-13594,0,0,9febd445ebfdc8fdc88c1c63440d82478079fd79b1f84076d709815d4f682 CVE-2024-13596,0,0,2b347cb4a79836e676774e7c831f562b3de9868f3b716c19ca500dd58b6901ef,2025-01-31T18:16:35.347000 CVE-2024-13599,0,0,e6d509a2a498941350682b305989dea06e1bdede703c5ce8f172a4f4886ed0c4,2025-01-25T08:15:10.357000 CVE-2024-1360,0,0,da9ce5c1b0ffd132b1deac5c52879519508dab9da39cb4ccaafd03c98d8a3d6f,2024-11-21T08:50:24.707000 +CVE-2024-13607,1,1,633beb2a2a6d7ae2c71ea299ed2662752f0bc22dd7047c64857b269f6e61835c,2025-02-04T07:15:12.973000 CVE-2024-1361,0,0,8a11a93152fbfa05be2934d541581f2e8e8c1350c348ceb554a6a47ec08e0e2f,2025-01-15T18:39:23.493000 CVE-2024-13612,0,0,f0c3e3f55ca6b4ca35bac236a126cd1995e073b744e2e5e3f3cdcfc3b1871559,2025-02-01T13:15:21.320000 CVE-2024-1362,0,0,ebe61894e3dd1fecb8d4711188e9d8f7e6a2ff043508a2ee93131b033a0336dd,2025-01-15T18:40:30.490000 @@ -278093,7 +278100,7 @@ CVE-2025-0357,0,0,719c3c56dfdf01ec9140d0a0c405a54328082bf07d03312992792beeee51c0 CVE-2025-0365,0,0,924739f025699e60a77c9079ccaa4521009185df8bf4b303e903786abf0eefb1,2025-02-01T06:15:31.213000 CVE-2025-0366,0,0,fc4431d10dedc4aa4c68aeb4aa2f95c6b652d05cace4cdd54e5a03c0ad3aa5f2,2025-02-01T06:15:31.367000 CVE-2025-0367,0,0,75f9e2269f2f885d5f829700300a5bde81c357886382b8a5fae99b82b976bf2a,2025-01-30T17:15:18.097000 -CVE-2025-0368,1,1,61f51ad484a8e40cb8584e8b20399cc1f2593fe1e3977da15090e2ddf9efc6cd,2025-02-04T06:15:30.037000 +CVE-2025-0368,0,0,61f51ad484a8e40cb8584e8b20399cc1f2593fe1e3977da15090e2ddf9efc6cd,2025-02-04T06:15:30.037000 CVE-2025-0369,0,0,968f1c7b7fff7a404f2212aa81591bd64fc1ef313f079e18ed81ef90b8b12902,2025-01-18T07:15:09.720000 CVE-2025-0371,0,0,de30e603b077e64693a9f53a95b364cbc495f2694acb2d5aef6b2eb3aaaea9a8,2025-01-31T20:16:11.363000 CVE-2025-0373,0,0,aa0629a360db92c8b354a2a59688cd1f6355081a3f7cf22fb97a6ea07814aea9,2025-01-30T05:15:09.590000 @@ -278151,7 +278158,7 @@ CVE-2025-0462,0,0,7dad614f764d437d5dfbf965df87b3792548e23ef19b9c5ee869ca20188cea CVE-2025-0463,0,0,833cfce061a9e4c6aff0214160b0daaa486ede160bebd86f70699079f3bd166e,2025-01-14T17:15:21.210000 CVE-2025-0464,0,0,c8401a32c4444b2726245a3c43b8df320378bbc93ad0870418154cbe59af4a9c,2025-01-14T17:15:21.387000 CVE-2025-0465,0,0,5201faa2dfa57bd14d4b6fb9a33615d85c230f753e445d877363ab9565749298,2025-01-14T18:15:29.883000 -CVE-2025-0466,1,1,f418ad5f079728c2d0a30322cea198b7030383ad8f70afcc51d77acd2786f861,2025-02-04T06:15:30.160000 +CVE-2025-0466,0,0,f418ad5f079728c2d0a30322cea198b7030383ad8f70afcc51d77acd2786f861,2025-02-04T06:15:30.160000 CVE-2025-0470,0,0,d648604f736437a425afba4a29cc22147082a3251a261c3e63d895935200f0af,2025-01-31T04:15:09.053000 CVE-2025-0471,0,0,9169e9b54a074f1e0d8f97ed160fc9e64cab0efe853cd7456e368c08c8fa7679,2025-01-16T13:15:06.973000 CVE-2025-0472,0,0,0f40580898fe8da8d58e11b525a8aafe4140ddc85dd699a671742e2ebf135a96,2025-01-16T13:15:07.353000 @@ -278392,6 +278399,32 @@ CVE-2025-20640,0,0,40ff3414c09b58aa1346613707feda74cde698d5358816ed9981132edb8e2 CVE-2025-20641,0,0,153c26cc51726ea02952f964a6ba554db7a970cb9d0ddabf4bb6e6564c1ac555,2025-02-03T18:15:42.400000 CVE-2025-20642,0,0,50e8bd363568f17d8013d73f82eb051a0aafc70b6009943d69daf6805fbc2ca7,2025-02-03T18:15:42.623000 CVE-2025-20643,0,0,1db24172586eb4f12d5fdcafb98c66605e4bf3e8ef54a26eadf4f6c208391cf0,2025-02-03T18:15:42.860000 +CVE-2025-20881,1,1,c83437091b00f876aa04e9b526d129c928cb129e5ad7884d5370f74210e4f402,2025-02-04T08:15:28.957000 +CVE-2025-20882,1,1,69b99365842b08d26a64e97fecbfa691df26b18f27b03e4a0c81dba75093b808,2025-02-04T08:15:29.097000 +CVE-2025-20883,1,1,461448c7c259a0ef8ce0a4215584ba4c3d3f0997d2819ab8062ef14bac222e2a,2025-02-04T08:15:29.210000 +CVE-2025-20884,1,1,e915d0c12af5c6a3b53dad1e2780256f8811792c189c3e47460d1d0e5011c1c0,2025-02-04T08:15:29.340000 +CVE-2025-20885,1,1,9c35ff6bd07f9afe4a24caa0ed3c5ce83be55adaaebacc10b08dbb99936b7396,2025-02-04T08:15:29.463000 +CVE-2025-20886,1,1,e76019ad493e9166f97ed33fd6ab5d10477a249b72fc18f870dff1d06e0ab54f,2025-02-04T08:15:29.597000 +CVE-2025-20887,1,1,cf6dbb8e9d1bff53907617b2a23ee1f6f57a003cf33de860dfbe7e194a5ca92e,2025-02-04T08:15:29.720000 +CVE-2025-20888,1,1,ccb1af1564606eeb1e9fb21d505e76394a731ad8062c2aa86a6102020db959f3,2025-02-04T08:15:29.847000 +CVE-2025-20889,1,1,4beaecf30d407ddb2d0d7e20a1c0cf8ac9a3d54459c3ebe978bd9aa3814c38e1,2025-02-04T08:15:29.983000 +CVE-2025-20890,1,1,61ca94570bb18366770732cff14ceb92ddba616171f31991ade1c53ab0eed555,2025-02-04T08:15:30.140000 +CVE-2025-20891,1,1,ea5c3ece83594a7d971103d8d4dc4c3e7420de9f98d7efedf2ceffced064e217,2025-02-04T08:15:30.283000 +CVE-2025-20892,1,1,9596e214d68cfbda5c9a84a6504a34db89ef594b9869920165473a6e401f0d88,2025-02-04T08:15:30.407000 +CVE-2025-20893,1,1,16535672c4bb160cdb0cd0248dc7bba4aa8390e264ea225ec35834dfd1e48407,2025-02-04T08:15:30.537000 +CVE-2025-20894,1,1,3887dc8e479dab92cd4d51f1777d4c3b24059f6ddfaa2bec761d5617aa3104c0,2025-02-04T08:15:30.673000 +CVE-2025-20895,1,1,c00d37b32172566f698e7d761c81b11f7bafd33939103078814ebe060bc9d98e,2025-02-04T08:15:30.827000 +CVE-2025-20896,1,1,1a7f197a2f9599a78da3f31d8e20f88df1d70797533bd220ad5215dabff2278d,2025-02-04T08:15:30.973000 +CVE-2025-20897,1,1,f656b52e7893f6028e1ffb3973223d7b6ac979750d33916a8fd0d257aa519e58,2025-02-04T08:15:31.123000 +CVE-2025-20898,1,1,5cd37cef0a867f4d6e47b609ed809ee7595693dbae340fa180b2758f149e2c1a,2025-02-04T08:15:31.270000 +CVE-2025-20899,1,1,28e89899ba7af76998211535294e154c83e64d566e367e13ea960f6dc12d1c6a,2025-02-04T08:15:31.407000 +CVE-2025-20900,1,1,f59eba185a456237737a341f006c7719cf6a98d06249f866fd674378e0fa974b,2025-02-04T08:15:31.573000 +CVE-2025-20901,1,1,9199521b3ae0c71869786c5a9a124ed6f3a12df6bce3e60a3188cc7e194d7efc,2025-02-04T08:15:31.707000 +CVE-2025-20902,1,1,6df2376cb1699a6de53932b81e904d281525041d9eeee5fad3e77846cd1e9ddc,2025-02-04T08:15:31.857000 +CVE-2025-20904,1,1,3df00902a0abac044c20e6ce0eeae27b3ea2e09ab1399b3818d4edb0c7b64245,2025-02-04T08:15:32.010000 +CVE-2025-20905,1,1,98e42574bbc8877f11da1979a020bbe6270c5108c6af649bacf35534733421fe,2025-02-04T08:15:32.130000 +CVE-2025-20906,1,1,d436092b7af54f2929e8c24b2fced68db5cd0220841fa96873756ed0de7bec17,2025-02-04T08:15:32.263000 +CVE-2025-20907,1,1,08fbc69316245af44979117f75bfc85507f5538affecdc924c935ae1ce8c2fa4,2025-02-04T08:15:32.403000 CVE-2025-21083,0,0,b1f881e778d473a44d11cfcbd38b4988ccf3c0bae1e47d54950fb32a165015e0,2025-01-15T17:15:19.393000 CVE-2025-21088,0,0,2fc6ecd1dae8270574ff01139ed8a42b63c05aa457c258a8d76906ce3a93ca54,2025-01-15T16:15:32.413000 CVE-2025-21101,0,0,54fc3436ce4cfc40d8a2f15abbf941cc22582b7c164f3bb799cb159e69cf76ad,2025-01-15T05:15:09.097000 @@ -278762,6 +278795,8 @@ CVE-2025-22150,0,0,5450e471d951fbd68d5df8eea6eabd0a1b7d976d2312ac6c1b261f61f3305 CVE-2025-22151,0,0,21f9e4fddd90599ac45f0514a6d95c5510077d3d9b45eefd94598514744d82c1,2025-01-09T19:15:20.410000 CVE-2025-22152,0,0,089f04aace28abfa88265f6c9c2782b5476de8a0e353916617123187c142e722,2025-01-10T16:15:29.910000 CVE-2025-22153,0,0,25942cbccd29909e1ea0be6d083f0e8cabc6b2b46ac2d218bce2acfdeffc85bf,2025-01-23T18:15:33.267000 +CVE-2025-22204,1,1,3b42820a1800a03b8acf62ff924fd1d2e7e34ccd41795d8e793292d4cc1a4b90,2025-02-04T08:15:32.563000 +CVE-2025-22205,1,1,07ac7f8a63905a316ed7661116685ba888a790a04ad75ff39009e21a6e11f041,2025-02-04T08:15:32.703000 CVE-2025-22214,0,0,9f9cbba758088c6fe54f3b7aba457fa8b68f7e0bf397744585451dc526c7cea3,2025-01-02T04:15:06.277000 CVE-2025-22215,0,0,e26e39627ebf88fc4492196348e13c55563ef72a3b7150347ad788f5576b3be6,2025-01-08T15:15:21.927000 CVE-2025-22216,0,0,b108a47a76cc941caf7304a7cc76897ef598f7beee3219dba5477e4826578b01,2025-01-31T18:15:38.247000 @@ -279955,7 +279990,7 @@ CVE-2025-24959,0,0,3f50c1ad5f7972062b8fc24a1fe63006f07002b7278ef49137dfcb467a189 CVE-2025-24960,0,0,53a5923d99a607347416d0a9045b9aa62d1d0c885f01e9f373c8dc3c2431470d,2025-02-03T21:15:16.020000 CVE-2025-24961,0,0,2cbff65566e3cbf13800376e9c95f30416724a925e1578b879a0d47f85d2926b,2025-02-03T21:15:16.170000 CVE-2025-24962,0,0,cad0fbdcfb05076f806434170502dc17aca55f786aca2318dd6c83afd74eb9b8,2025-02-03T21:15:16.317000 -CVE-2025-24982,1,1,1f0ad84d8e07e22dc45a54eb7fe535ab050ad44dbd615392de494766094c54dc,2025-02-04T05:15:10.543000 +CVE-2025-24982,0,0,1f0ad84d8e07e22dc45a54eb7fe535ab050ad44dbd615392de494766094c54dc,2025-02-04T05:15:10.543000 CVE-2025-25062,0,0,d7cd47140e90c99ff5d70fbea50bb5a39373533859e38c36979aba1d23137e6e,2025-02-03T04:15:09.587000 CVE-2025-25063,0,0,8c34659c6a257a89c707c83868a8b18d34ee010ab7504a5a7479117985ac792f,2025-02-03T04:15:09.760000 CVE-2025-25064,0,0,3076e4ff7637d7a7b60e69dd88ee29e96116ff1d59c408ed746bbdb8163cc047,2025-02-03T20:15:37.257000