From 8c3732c90a85254a2d5258023bac385304a30c67 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 17 Feb 2025 17:03:48 +0000
Subject: [PATCH] Auto-Update: 2025-02-17T17:00:23.223353+00:00
---
CVE-2024/CVE-2024-138xx/CVE-2024-13879.json | 64 +++++++++
CVE-2025/CVE-2025-13xx/CVE-2025-1392.json | 148 ++++++++++++++++++++
README.md | 13 +-
_state.csv | 8 +-
4 files changed, 223 insertions(+), 10 deletions(-)
create mode 100644 CVE-2024/CVE-2024-138xx/CVE-2024-13879.json
create mode 100644 CVE-2025/CVE-2025-13xx/CVE-2025-1392.json
diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13879.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13879.json
new file mode 100644
index 00000000000..4521e5318cc
--- /dev/null
+++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13879.json
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-13879", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-17T16:15:15.950", + "lastModified": "2025-02-17T16:15:15.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwp/stream/blob/develop/changelog.md#410---january-15-2025", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3226637%40stream&new=3226637%40stream&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8680ad0a-7513-408d-a62d-ffb0b0e7addb?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1392.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1392.json
new file mode 100644
index 00000000000..8c8f160addc
--- /dev/null
+++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1392.json
@@ -0,0 +1,148 @@ +{ + "id": "CVE-2025-1392", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-17T16:15:16.120", + "lastModified": "2025-02-17T16:15:16.120", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "cna@vuldb.com", + "tags": [ + "unsupported-when-assigned" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + 
"modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": 
"https://vuldb.com/?ctiid.296023", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.296023", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.501351", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.dlink.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index eed5856e346..ce2f2dd822c 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-17T15:01:14.704139+00:00 +2025-02-17T17:00:23.223353+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-17T14:15:08.597000+00:00 +2025-02-17T16:15:16.120000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -281554 +281556 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -- [CVE-2025-1391](CVE-2025/CVE-2025-13xx/CVE-2025-1391.json) (`2025-02-17T14:15:08.413`) -- [CVE-2025-21103](CVE-2025/CVE-2025-211xx/CVE-2025-21103.json) (`2025-02-17T14:15:08.597`) +- [CVE-2024-13879](CVE-2024/CVE-2024-138xx/CVE-2024-13879.json) (`2025-02-17T16:15:15.950`) +- [CVE-2025-1392](CVE-2025/CVE-2025-13xx/CVE-2025-1392.json) (`2025-02-17T16:15:16.120`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2025-0648](CVE-2025/CVE-2025-06xx/CVE-2025-0648.json) (`2025-02-17T13:15:09.667`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 83bb21b259e..81a5d62c742 100644 --- a/_state.csv +++ b/_state.csv 
@@ -246730,6 +246730,7 @@ CVE-2024-13850,0,0,6b9449e6648abb1edf82833d79485652b7d8e214965b03129c424b1f771ff CVE-2024-1386,0,0,0e88f4287d62ff6aff092302a9322ab713c8f07c6df5c6bed70e82252a8c824b,2024-11-21T08:50:28.063000 CVE-2024-13867,0,0,b22bb2f54b64760b76b696bbb0a0a23f6d99826e999c63e0854f07bc507510b1,2025-02-13T10:15:09.847000 CVE-2024-1387,0,0,8e6bcbdaec79085616e17d0cff8f7e9074033b4370339ebb2fb375231d6ccb3f,2025-01-07T18:19:26.400000 +CVE-2024-13879,1,1,9feaa77a4a107496b778129b23b28c9a020cd8ce5e3b7bb155fa8c6898d38c2d,2025-02-17T16:15:15.950000 CVE-2024-1388,0,0,4055ac29f5fc98e5c697dde8e9fd854a4a3e80aad935e1d1af922e2721330e53,2025-01-16T15:18:18.140000 CVE-2024-1389,0,0,44c915b89d8f24815db27dcf9521c10fcca5d968291afb2cbd201094aadb9d12,2025-01-27T17:15:51.567000 CVE-2024-1390,0,0,ffdeb8cc4a3b1077717739c1e237f842eedff68b0ec02858887f3acd549f9f88,2025-01-22T16:49:11.553000 @@ -278976,7 +278977,7 @@ CVE-2025-0631,0,0,a91b2711b77974f80919f9c5b372be80fd124e74c35c8b96965898a857e3e9 CVE-2025-0635,0,0,70c8222d27016e17aff5c1d526075d61ce18278ab51b947a8b84bf01759f271d,2025-01-23T11:15:10.890000 CVE-2025-0637,0,0,527088f0979b18ce444b6ef69464399256b011e8d9eae0913ca1205a9c4503aa,2025-01-23T16:15:36.617000 CVE-2025-0638,0,0,d2f28f2eed7bea7b9f8ec19bd8fd1769a6b74ef8696049ed8fd676bfab511c4b,2025-01-22T16:15:29.977000 -CVE-2025-0648,0,1,ec79ce6f39b47487aa16e0340c9bff69ff776daf1028d3a38c4c3ba8e39e1fa4,2025-02-17T13:15:09.667000 +CVE-2025-0648,0,0,ec79ce6f39b47487aa16e0340c9bff69ff776daf1028d3a38c4c3ba8e39e1fa4,2025-02-17T13:15:09.667000 CVE-2025-0650,0,0,a9fc324c64dd82aee521d1bffa9b7782cf03bd2f6e410628d7018de6f1170f96,2025-02-06T09:15:11.697000 CVE-2025-0651,0,0,e2215d27193b6db6cba4dbdda5349954e60373a439e45e60be4d39bd216d0a6b,2025-01-22T18:15:20.363000 CVE-2025-0659,0,0,a231e421d524771ecef4ddd421dffcbb4d37f1c0838cd9830fba22194e88f80c,2025-01-28T16:15:40.360000 
@@ -279322,7 +279323,8 @@ CVE-2025-1381,0,0,8a9685f5e5b8ebad8a0ac5f23a89b6b3ba45fc062151114d3deac1372ed1f0 CVE-2025-1387,0,0,3471c5e221fd26cc82d790d0348e17ce666394a812c51ab6ee55856ad41c6d05,2025-02-17T04:15:08.807000 CVE-2025-1388,0,0,6166d0831a99cbb271e76281dd624232fbaf9903152209f7151545224b25416d,2025-02-17T04:15:08.960000 CVE-2025-1389,0,0,b6f1b0c672dbbad3874206b7be5adc417f88010255a18af2ae0024e0bb3a7bd5,2025-02-17T05:15:10.317000 -CVE-2025-1391,1,1,a1f2e3a8ca093b8de620c0e72b50119acca7a6fd87679168958e3acea938ff79,2025-02-17T14:15:08.413000 +CVE-2025-1391,0,0,a1f2e3a8ca093b8de620c0e72b50119acca7a6fd87679168958e3acea938ff79,2025-02-17T14:15:08.413000 +CVE-2025-1392,1,1,381fc64763a47738c9a933c7e4bcfcc84ef66c73e4a81eacddf01751da768947,2025-02-17T16:15:16.120000 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20029,0,0,9b8781ac9a16d1f4940e1c86f8d87c8f1f8e66cb5b362950b6fdcd60c25126c4,2025-02-05T18:15:29.573000 
@@ -279413,7 +279415,7 @@ CVE-2025-21088,0,0,2fc6ecd1dae8270574ff01139ed8a42b63c05aa457c258a8d76906ce3a93c CVE-2025-21091,0,0,14a5f94bd4155cb401565e2a5aae76cc90c7a8d9e7b6e7f408f118d52738b6aa,2025-02-05T18:15:30.613000 CVE-2025-21101,0,0,0410baf8ce887e4bee4e642f5416b4c957a9c2a93d873e61b46c5aa6fe5ccada,2025-02-04T15:50:56.233000 CVE-2025-21102,0,0,933ca72a52260837d55d5545fa75f1f12ce9dc7f55e3f7d4f145fee0707ab4ba,2025-01-24T19:10:11.977000 -CVE-2025-21103,1,1,b6d1fa36e078291047471a4019ca1c4957d97737dc18368f9adb3746c2dfa968,2025-02-17T14:15:08.597000 +CVE-2025-21103,0,0,b6d1fa36e078291047471a4019ca1c4957d97737dc18368f9adb3746c2dfa968,2025-02-17T14:15:08.597000 CVE-2025-21107,0,0,0827735892f4001f988a0739aad719c8ee1fb9144fe1da312da1da34f24b5ce6,2025-02-07T20:01:14.760000 CVE-2025-21111,0,0,36449c466fabe660f3fc2f10d8992e6a7d9c5e3d2cf72d3dce2cc840c6da552b,2025-01-24T19:11:42.417000 CVE-2025-21117,0,0,3c59ddab13aed7617d82cbb9fbab3c190cbfe8b424cc570d2e879fe06ca6cee2,2025-02-05T14:15:27.417000