Auto-Update: 2025-01-29T09:00:44.427663+00:00

2025-05-07 11:07:05 +00:00 · 2025-01-29 09:04:11 +00:00 · 2025-01-29 09:04:11 +00:00 · 8bb50c406c
commit 8bb50c406c
parent d2e664e0f0
5 changed files with 185 additions and 10 deletions
--- a/CVE-2024/CVE-2024-120xx/CVE-2024-12085.json
+++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12085.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-12085",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2025-01-14T18:15:25.123",
-  "lastModified": "2025-01-28T19:15:13.630",
+  "lastModified": "2025-01-29T08:15:19.247",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -76,6 +76,10 @@
      "url": "https://access.redhat.com/errata/RHSA-2025:0774",
      "source": "secalert@redhat.com"
    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2025:0787",
+      "source": "secalert@redhat.com"
+    },
    {
      "url": "https://access.redhat.com/security/cve/CVE-2024-12085",
      "source": "secalert@redhat.com"
--- a/CVE-2024/CVE-2024-136xx/CVE-2024-13696.json
+++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13696.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-13696",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-29T08:15:19.677",
+  "lastModified": "2025-01-29T08:15:19.677",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Flexible Wishlist for WooCommerce \u2013 Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wishlist_name\u2019 parameter in all versions up to, and including, 1.2.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/flexible-wishlist/trunk/assets/js/front.js",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3230370/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wordpress.org/plugins/flexible-wishlist/#developers",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/112456a9-8bb6-4007-87da-6d0fba912498?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-76xx/CVE-2024-7695.json
+++ b/CVE-2024/CVE-2024-76xx/CVE-2024-7695.json
@ -0,0 +1,100 @@
+{
+  "id": "CVE-2024-7695",
+  "sourceIdentifier": "psirt@moxa.com",
+  "published": "2025-01-29T08:15:19.933",
+  "lastModified": "2025-01-29T08:15:19.933",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. \n\nThis vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent its potential exploitation."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "psirt@moxa.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 8.7,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "NONE",
+          "vulnerableSystemIntegrity": "NONE",
+          "vulnerableSystemAvailability": "HIGH",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "psirt@moxa.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@moxa.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches",
+      "source": "psirt@moxa.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-01-29T07:00:21.555533+00:00
+2025-01-29T09:00:44.427663+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-01-29T06:15:30.670000+00:00
+2025-01-29T08:15:19.933000+00:00
 ```

 ### Last Data Feed Release
@ -33,21 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-279358
+279360
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

- [CVE-2024-12749](CVE-2024/CVE-2024-127xx/CVE-2024-12749.json) (`2025-01-29T06:15:30.387`)
+- [CVE-2024-13696](CVE-2024/CVE-2024-136xx/CVE-2024-13696.json) (`2025-01-29T08:15:19.677`)
+- [CVE-2024-7695](CVE-2024/CVE-2024-76xx/CVE-2024-7695.json) (`2025-01-29T08:15:19.933`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `1`

- [CVE-2024-3913](CVE-2024/CVE-2024-39xx/CVE-2024-3913.json) (`2025-01-29T06:15:30.670`)
+- [CVE-2024-12085](CVE-2024/CVE-2024-120xx/CVE-2024-12085.json) (`2025-01-29T08:15:19.247`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -245179,7 +245179,7 @@ CVE-2024-1208,0,0,3c4b0e7895c1837530e812c9d592f58958b18ef870d236a49969dfb3f5e669
 CVE-2024-12082,0,0,d67c450c190c0364d4b144dcd382bc569f8e4f4f12ff2a960005828e083c85c7,2024-12-11T17:12:56.793000
 CVE-2024-12083,0,0,d43543ed1a2c4c8cfbaff70b85f71ffc7dc15514475ec8e8bc46a80ffd753fb3,2025-01-14T01:15:09.267000
 CVE-2024-12084,0,0,85dd725fc2f0b24c79e999378b1f0199fad5fe5d164b31609c57a84bcb434c0d,2025-01-15T15:15:10.537000
-CVE-2024-12085,0,0,0b3f67b146b5cf234037ad71331d36ffee2667252d390f670b9aee26d30279b7,2025-01-28T19:15:13.630000
+CVE-2024-12085,0,1,213a2fdbe8cea793aa5c5b1fc44d03bef42e730164368fae39f280c0d2967618,2025-01-29T08:15:19.247000
 CVE-2024-12086,0,0,e5130c03152639985c3e2f822b45f241716bd573825b1ce309364a23fc10467b,2025-01-14T22:15:26.370000
 CVE-2024-12087,0,0,083db16c2a7b9baa1b397fd2cd269bff2aa8f7c2646d1851d134f1f8a052e34a,2025-01-14T22:15:26.503000
 CVE-2024-12088,0,0,789608af69629f4130f54998ea59694fde701c19a329a9d8093e26a51277e55d,2025-01-14T22:15:26.600000
@ -245701,7 +245701,7 @@ CVE-2024-12744,0,0,db2cef6174f0f203336fd1a602951ac160bef125d0730a8230a23f49ec8a8
 CVE-2024-12745,0,0,d39132eefd07723f30fb227ef12fb8aaf3a83b250d0f3b28d89ab1e076f94541,2024-12-26T15:15:06.527000
 CVE-2024-12746,0,0,df5c191123ddac7611e41b52ec167446638f37d1f7bfb5919f7163608ca92308,2024-12-26T15:15:06.650000
 CVE-2024-12747,0,0,ebc91191d07badeb79dc6f2f702ff942b05784a8436470a9a76f1e6a5f2c2932,2025-01-14T22:15:26.700000
-CVE-2024-12749,1,1,fc313d5feab22f8121324f61a74b655471231ec246bb75d52bc817604d98fc50,2025-01-29T06:15:30.387000
+CVE-2024-12749,0,0,fc313d5feab22f8121324f61a74b655471231ec246bb75d52bc817604d98fc50,2025-01-29T06:15:30.387000
 CVE-2024-1275,0,0,55e303d499b7cd70146b064f11442ebd0ad45cafbb26b305d69871c04faa255a,2024-11-21T08:50:12.913000
 CVE-2024-12751,0,0,c8d36ab052c0d3e9ec35af9571e74ed832930012381575b9dc1af30fc71ca134,2024-12-30T21:15:06.130000
 CVE-2024-12752,0,0,23a1df67098cb18d5a208109678c48c3e7913067d5db32571522e50bc90bc4a8,2024-12-30T21:15:06.260000
@ -246270,6 +246270,7 @@ CVE-2024-1368,0,0,e78cd290aff3eda879ea71814281e9fb9dbaef60630fac7d18ff14dae3d223
 CVE-2024-13680,0,0,f3164c1a021ffb39e27590d49b20eab131951c6817a6dc8655e0dfc9f53950e4,2025-01-24T07:15:06.930000
 CVE-2024-13683,0,0,afca8ca5733f1981ab92ff6f92163a36f62ba84bc4cae91c9eb4b4db6612f745,2025-01-24T07:15:08.523000
 CVE-2024-1369,0,0,6f4848b431d59906fc570cd21627f350db35226c120e93c5a8a911f55c4de4fa,2024-11-21T08:50:25.857000
+CVE-2024-13696,1,1,1705bcf2f6a6958e20414c0c17b533dd95f6dfcba36bb76e0b9f7d75e553f199,2025-01-29T08:15:19.677000
 CVE-2024-13698,0,0,dc17e4312525981bb14f68ea913383417af07334780551d0e9684f2f5489da45,2025-01-24T16:15:34.597000
 CVE-2024-1370,0,0,9f0498253935aff35f1be521427ae96ebc633e827d9cc62afad8ecd6626aa44f,2024-11-21T08:50:26.027000
 CVE-2024-13709,0,0,7d11e0e002d231ab97d4c4838853b33e61be12c236e56c435ef75a396b4f88ea,2025-01-25T04:15:07.670000
@ -261673,7 +261674,7 @@ CVE-2024-39124,0,0,b89a6ad01be86442200dfda8e2d9f478ea1466944e9cfcad7239db5ce8bf7
 CVE-2024-39125,0,0,d369e2cc9d5a90f6ebe45980f2884b9acd269ec9ed2d8c8513e72acecc0e2e5c,2024-11-21T09:27:13.103000
 CVE-2024-39126,0,0,e08f3abe2cc1e738b288970bae9e8f3bc74af350f44daa14e3f45bb5bc1b07ca,2024-11-21T09:27:13.267000
 CVE-2024-39129,0,0,19eb1dee58afa6c2767224231ffaf92ccdb5b37e3b078ec5f75eeb24861f8743,2024-12-06T21:15:07.637000
-CVE-2024-3913,0,1,3c39a97f2a23817f5f07256146450bb9bcd789a6d6dfbbfd042d028223df0681,2025-01-29T06:15:30.670000
+CVE-2024-3913,0,0,3c39a97f2a23817f5f07256146450bb9bcd789a6d6dfbbfd042d028223df0681,2025-01-29T06:15:30.670000
 CVE-2024-39130,0,0,680e4171889397762b2c1496bb01f8837a0c47429b2e74914705378acf24913d,2024-11-21T09:27:13.560000
 CVE-2024-39132,0,0,780fc2d7cf4ecdd788c1657c626f8740dd8fc2e66c418edfb8cd97eda04189a2,2024-11-21T09:27:13.773000
 CVE-2024-39133,0,0,1fd24f61073967354c204318abe7b3082fbfa1d2c08fcb3fb3cfe3c5e50db3b7,2024-11-21T09:27:13.993000
@ -275749,6 +275750,7 @@ CVE-2024-7691,0,0,6dad0c769fb572b88a068528267f61949164dc392b80af6f168258a6b2c7f6
 CVE-2024-7692,0,0,4b38ff30e017e91d8a002928077306fde8ee04d0be5e9045460020d6ccc3af22,2024-10-04T17:14:50.990000
 CVE-2024-7693,0,0,dd3e43863a4776bf6aa9cee54c3310fd08dfe98f5bd8663ebc12432cb7153f16,2024-09-06T16:51:35.647000
 CVE-2024-7694,0,0,3a2582a984429d8c89c3dd71bc863aef01ff80b7baff4f3e3f71f54998d90a46,2024-09-06T17:24:42.573000
+CVE-2024-7695,1,1,9dd5f87b950b58727d2e2a28297a0af3ae776c663d9f14eb97db04400ecfdd7b,2025-01-29T08:15:19.933000
 CVE-2024-7696,0,0,f0052f9d5e178b3ea159f04ebcfd4751f930fb606630e5cab2ff7b8b63a94d0f,2025-01-07T06:15:17.827000
 CVE-2024-7697,0,0,122b8f72aeda3c5b2d61460f1dce24bd382a6f877b1c3f9efb3e322459b58ee0,2024-09-06T18:04:28.030000
 CVE-2024-7698,0,0,28382cbcfd0fa7ea6a7d15c9ccdd01abba2e948df9ed5ab95948fe232327814d,2024-09-27T19:39:43.350000