Auto-Update: 2025-02-21T11:00:29.838951+00:00

cad-safe-bot 2025-02-21 11:03:56 +00:00
parent c6292c052d
commit 9059eacb48
12 changed files with 741 additions and 6 deletions


@ -0,0 +1,60 @@
{
"id": "CVE-2024-12276",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-02-21T10:15:10.290",
"lastModified": "2025-02-21T10:15:10.290",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with access to upload files and manage filenames through a third-party plugin like a File Manager, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The risk of this vulnerability is very minimal as it requires a user to be able to manipulate filenames in order to successfully exploit."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3242743/ultimate-member/tags/2.10.0/includes/core/class-uploader.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/846f9828-2f1f-4d08-abfb-909b8d634d8a?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-12452",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-02-21T10:15:10.457",
"lastModified": "2025-02-21T10:15:10.457",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeo_event' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ziggeo/tags/3.1/core/events.php#L52",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242184%40ziggeo&new=3242184%40ziggeo&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be82095d-2b15-432e-a667-523286fa9629?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,72 @@
{
"id": "CVE-2024-13353",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-02-21T10:15:10.607",
"lastModified": "2025-02-21T10:15:10.607",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Responsive Addons for Elementor \u2013 Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/responsive-addons-for-elementor/trunk/includes/widgets-manager/widgets/woocommerce/class-responsive-addons-for-elementor-product-carousel.php#L3151",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/responsive-addons-for-elementor/trunk/includes/widgets-manager/widgets/woocommerce/class-responsive-addons-for-elementor-woo-products.php#L3725",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3226779/responsive-addons-for-elementor/tags/1.6.5/includes/widgets-manager/widgets/woocommerce/class-responsive-addons-for-elementor-product-carousel.php",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3226779/responsive-addons-for-elementor/tags/1.6.5/includes/widgets-manager/widgets/woocommerce/class-responsive-addons-for-elementor-woo-products.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/98df88f8-5aeb-4f57-8525-6a9357173b1d?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-13461",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-02-21T10:15:10.767",
"lastModified": "2025-02-21T10:15:10.767",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autoship-create-scheduled-order-action' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242136%40autoship-cloud&new=3242136%40autoship-cloud&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0ae16c4e-0151-4414-8612-ec8eb92505fd?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-13648",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-02-21T10:15:10.927",
"lastModified": "2025-02-21T10:15:10.927",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3226414%40maps-for-wp&new=3226414%40maps-for-wp&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242174%40maps-for-wp&new=3242174%40maps-for-wp&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a16c8b5d-fd93-49b4-b1d7-f4cd9248aef3?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-0727",
"sourceIdentifier": "emo@eclipse.org",
"published": "2025-02-21T09:15:09.010",
"lastModified": "2025-02-21T09:15:09.010",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before \nversion 6.4.2, an attacker can cause an integer underflow and a \nsubsequent denial of service by writing a very large file, by specially \ncrafted packets with Content-Length in one packet smaller than the data \nrequest size of the other packet. A possible workaround is to disable \nHTTP PUT support."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse-threadx/netxduo/commit/c78d650be7377aae1a8704bc0ce5cc6f9f189014",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-jf6x-9mgc-p72w",
"source": "emo@eclipse.org"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-0728",
"sourceIdentifier": "emo@eclipse.org",
"published": "2025-02-21T09:15:10.077",
"lastModified": "2025-02-21T09:15:10.077",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before \nversion 6.4.2, an attacker can cause an integer underflow and a \nsubsequent denial of service by writing a very large file, by specially \ncrafted packets with Content-Length smaller than the data request size. A\n possible workaround is to disable HTTP PUT support."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse-threadx/netxduo/commit/c78d650be7377aae1a8704bc0ce5cc6f9f189014",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-hqp7-4q26-6wqf",
"source": "emo@eclipse.org"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2025-1410",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-02-21T09:15:10.200",
"lastModified": "2025-02-21T09:15:10.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Events Calendar Made Simple \u2013 Pie Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's piecal shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3243992/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/pie-calendar/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fcaea2fb-ebf8-49b4-8cd5-0d9208252a90?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,86 @@
{
"id": "CVE-2025-1470",
"sourceIdentifier": "emo@eclipse.org",
"published": "2025-02-21T10:15:11.243",
"lastModified": "2025-02-21T10:15:11.243",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse-omr/omr/pull/7655",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-omr/omr/pull/7663",
"source": "emo@eclipse.org"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/54",
"source": "emo@eclipse.org"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-1471",
"sourceIdentifier": "emo@eclipse.org",
"published": "2025-02-21T10:15:11.413",
"lastModified": "2025-02-21T10:15:11.413",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse-omr/omr/pull/7658",
"source": "emo@eclipse.org"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/55",
"source": "emo@eclipse.org"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-02-21T09:00:51.176393+00:00
2025-02-21T11:00:29.838951+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-02-21T08:15:28.417000+00:00
2025-02-21T10:15:11.413000+00:00
```
### Last Data Feed Release
@ -33,14 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
281989
281999
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `10`
- [CVE-2025-0726](CVE-2025/CVE-2025-07xx/CVE-2025-0726.json) (`2025-02-21T08:15:28.417`)
- [CVE-2024-12276](CVE-2024/CVE-2024-122xx/CVE-2024-12276.json) (`2025-02-21T10:15:10.290`)
- [CVE-2024-12452](CVE-2024/CVE-2024-124xx/CVE-2024-12452.json) (`2025-02-21T10:15:10.457`)
- [CVE-2024-13353](CVE-2024/CVE-2024-133xx/CVE-2024-13353.json) (`2025-02-21T10:15:10.607`)
- [CVE-2024-13461](CVE-2024/CVE-2024-134xx/CVE-2024-13461.json) (`2025-02-21T10:15:10.767`)
- [CVE-2024-13648](CVE-2024/CVE-2024-136xx/CVE-2024-13648.json) (`2025-02-21T10:15:10.927`)
- [CVE-2025-0727](CVE-2025/CVE-2025-07xx/CVE-2025-0727.json) (`2025-02-21T09:15:09.010`)
- [CVE-2025-0728](CVE-2025/CVE-2025-07xx/CVE-2025-0728.json) (`2025-02-21T09:15:10.077`)
- [CVE-2025-1410](CVE-2025/CVE-2025-14xx/CVE-2025-1410.json) (`2025-02-21T09:15:10.200`)
- [CVE-2025-1470](CVE-2025/CVE-2025-14xx/CVE-2025-1470.json) (`2025-02-21T10:15:11.243`)
- [CVE-2025-1471](CVE-2025/CVE-2025-14xx/CVE-2025-1471.json) (`2025-02-21T10:15:11.413`)
### CVEs modified in the last Commit


@ -245599,6 +245599,7 @@ CVE-2024-12271,0,0,e756524ee3996486f46fc9dfb0848744c8a90daec55e50296545ffd31d194
CVE-2024-12272,0,0,cbbb238a5fc49c4ada4f96dbd5ec3bf6a1bab33a6ad37ef5b0235e516631a83b,2024-12-25T04:15:06.457000
CVE-2024-12274,0,0,754c33d384166421b8530c0b6be4d1f50e294eb962f01142a13c10f72064a9a9,2025-01-13T15:15:07.727000
CVE-2024-12275,0,0,b6c89aad753f4288f4ee3eb48d039165a7e55489cd8f246e0432f82458e25832,2025-01-31T17:15:11.957000
CVE-2024-12276,1,1,ac87679c832d171d2f05cc5a33dd2cbdfb1662932e63d4d23d1bd768125d730d,2025-02-21T10:15:10.290000
CVE-2024-12279,0,0,28f926ab6f57c2b10bee59d6914cc0152fa6a23fa0d172ad6d11e3d9d407b5c2,2025-01-04T12:15:24.453000
CVE-2024-1228,0,0,02a2d35b9c29d8600ba5afee210d0e6465f5ee41eb5d9edcafc9d5f9e15f44ef,2024-11-21T08:50:06.280000
CVE-2024-12280,0,0,877a1ef9090370a5789c2e7362afe046232f3567d1b51a01b5cd894549fa6293,2025-01-28T21:15:16.317000
@ -245753,6 +245754,7 @@ CVE-2024-12448,0,0,4923580d5a5f99d530db30df1f25529a66e5faa8f94f1d2c65ae42b9f669a
CVE-2024-12449,0,0,5fcc22f14406311e0fc83130f321673a9681bcd45ccd4b15a7e6df2428ef10f4,2024-12-18T04:15:08.103000
CVE-2024-1245,0,0,95e8542ba13fb11ab7fe96b21acceb5168a3d85655e46eadbf4243e255ea26c4,2024-11-21T08:50:08.740000
CVE-2024-12451,0,0,67c653f5b766de9eabac31aac33935b0d524840bf4e4a950cc1dfb440a57f21e,2025-01-31T18:55:11.707000
CVE-2024-12452,1,1,7d880a9042e36d32233de02d3a7a57b792407a1771be133aa9843ea62498cb99,2025-02-21T10:15:10.457000
CVE-2024-12453,0,0,76ad3f9c42446921081688745051c38b136a07ee1614804cd400b083fd2b395b,2025-01-07T05:15:19.260000
CVE-2024-12454,0,0,8d73661dfeacd698ba1638817b062fe681bc6bd2d9cfe150642a15e6ed3c799a,2024-12-18T10:15:08.117000
CVE-2024-12457,0,0,8b6dcd10765fdf34de144f9bc8c49e92cdcb9e82bb357349c5178d12bb4f5cd7,2025-01-07T05:15:19.453000
@ -246539,6 +246541,7 @@ CVE-2024-13349,0,0,1a00cf757b3ec26bd50ea0e563207e24798d3893002c58755b8b9af1d4127
CVE-2024-1335,0,0,82fb69da532892baa7a81804ae338bd46e69a8bbbad77be8c22b678b91bcc8f9,2024-12-31T16:50:11.167000
CVE-2024-13351,0,0,7985eca9113b0e4ff9b5606ce71f06a97acfce6eac97b8c91847c6875b508284,2025-01-15T10:15:07.993000
CVE-2024-13352,0,0,e3b517ead7778233dbb1fb4b3ec3651780c4dec33a82aff69cd76909bd75eb05,2025-02-07T16:15:35.960000
CVE-2024-13353,1,1,5a8f3045058a1f00f14443cb43400264ab271ef4f72330e58ff7dad66a3150ca,2025-02-21T10:15:10.607000
CVE-2024-13354,0,0,70c8df8ffc765e671782c1c5275e6f7668ade0103b0f3f6fd1920147a9a818fb,2025-02-05T01:36:55.960000
CVE-2024-13355,0,0,b14926ff025e929de229a84af4734d711f0473d16ba82bc6498a7b20173af029,2025-01-16T10:15:08.750000
CVE-2024-13356,0,0,4c62ebf770eb8ffd31345cb0ef6c5025a9e134a147f2b545dcf049e579341f09,2025-02-04T10:15:07.920000
@ -246627,6 +246630,7 @@ CVE-2024-13458,0,0,b0c82b9a6a2ae8ab3e75191e77bf09ecd6761e542d7fe4c0d50e106a0dd34
CVE-2024-13459,0,0,a9fe845bd277299369bc3f6cedb4f513e577d0a95806c4e189fd9614c9d6fa2e,2025-02-18T19:11:47.197000
CVE-2024-1346,0,0,67674c75c08ebc67974102102d05a3921f8c61d1fe386fe7de33f2c37b3bc24d,2024-11-21T08:50:22.793000
CVE-2024-13460,0,0,9c101ce4e9a0b77c24ea9727b59b3a3bfa4cbf94a343064a0ab69a083a2820cf,2025-01-31T18:07:24.277000
CVE-2024-13461,1,1,7310b23419daedb24e559d3e84e89095cccd323ffb73d8e4bc88880b2b6bd17b,2025-02-21T10:15:10.767000
CVE-2024-13462,0,0,bd808375ae18220a9dd6d9ebbed45c53c83edb8ab02aeb633cd1274f400f3576,2025-02-19T08:15:15.620000
CVE-2024-13463,0,0,a74bd740de3fc458ef5c03de3331d5acaeffdc8e1dd114982c1f405dca936e7c,2025-01-31T04:15:07.497000
CVE-2024-13464,0,0,c7ce95854847c11fde5a1ddc21e150442b9e815758c964241dcc7c0eae02ec39,2025-02-18T05:15:11.673000
@ -246777,6 +246781,7 @@ CVE-2024-13642,0,0,e62737ae89b22b0d2ca4d332b68aa19e6175af0f52e0500481826051778e9
CVE-2024-13643,0,0,976eb3748a453f62f41c154b29792936c30855f6728fa73bdd9cf169ffa6a36c,2025-02-11T08:15:30.450000
CVE-2024-13644,0,0,103d60e076f3c7bd4ae30253359a8c34e6a584ab6c0d85823d2a2e5827ff1420,2025-02-13T02:15:29.320000
CVE-2024-13646,0,0,df579ebc80f166383afd2bf72cceedaa012995a592dad78c8758f9a4e2dd62bd,2025-01-31T18:19:45.780000
CVE-2024-13648,1,1,f589efbdd78e1f30099fe430f3ef2d8f3f3a111a9876802924f438e5321ec20b,2025-02-21T10:15:10.927000
CVE-2024-1365,0,0,0f6156fbf2b7d3a217bf5d4ee39b3ca345099663b38e102dcb249b872d4e92ab,2024-11-21T08:50:25.350000
CVE-2024-13651,0,0,7254671bcf096b25864421ea702cf7c7150d2b6e2d950cb4a4179c92a42d85a9,2025-02-01T04:15:30.997000
CVE-2024-13652,0,0,ed8d8236d1a3115f336400cbdd4ac56e250a414778c3b1c32835210395f1f04d,2025-01-31T18:21:53.167000
@ -279272,7 +279277,9 @@ CVE-2025-0720,0,0,602262593ab5841efad088d2b78c277a4b7966a622beefaf31478d2cb38267
CVE-2025-0721,0,0,9b15b019b479c4479137e55c74f2da2652b1f56c2d67e45558507ea73a96e795,2025-01-27T00:15:26.317000
CVE-2025-0722,0,0,d286657780f2322cec5dfe4e8af4674bbdc5e8a8b778a753270cdbdd213a2c1d,2025-01-27T00:15:26.517000
CVE-2025-0725,0,0,933a9ff65143c6df56b3e49502ce5d61c7538865f62de87a7e6b7da33078c72d,2025-02-06T19:15:19.733000
CVE-2025-0726,1,1,212658285d0dca65eb38afbe2d0cc022419c14eff42b3a61d47e964a9493cddf,2025-02-21T08:15:28.417000
CVE-2025-0726,0,0,212658285d0dca65eb38afbe2d0cc022419c14eff42b3a61d47e964a9493cddf,2025-02-21T08:15:28.417000
CVE-2025-0727,1,1,bb76426d7360ab591b4341810574104175a8b841230e45a68fe25f6f54b22f96,2025-02-21T09:15:09.010000
CVE-2025-0728,1,1,fbe2ca789a8cd169b541c150bb8deacad0a074160227e69d375dcc5d934fc86c,2025-02-21T09:15:10.077000
CVE-2025-0729,0,0,47f7aa1143af5ff386851185d07322b33da91a6c70254019e675c66f6b698c27,2025-01-27T17:15:16.917000
CVE-2025-0730,0,0,2af04aa386ac678a6fc944dd8f7ba46d52548cae0bde338f3a493a49b6512319,2025-01-27T17:15:17.133000
CVE-2025-0732,0,0,1ce675ab3efd6ec96092631e523be68cbc1c9a729d4a9ad32dfbaf47ed4ee068,2025-01-27T18:15:40.550000
@ -279624,6 +279631,7 @@ CVE-2025-1391,0,0,a1f2e3a8ca093b8de620c0e72b50119acca7a6fd87679168958e3acea938ff
CVE-2025-1392,0,0,381fc64763a47738c9a933c7e4bcfcc84ef66c73e4a81eacddf01751da768947,2025-02-17T16:15:16.120000
CVE-2025-1406,0,0,4b4d1ff21a0ba0811215bc35d6774baf51e77603ba63fc9e650d11b6ceed4f86,2025-02-21T04:15:10.347000
CVE-2025-1407,0,0,70f77407081cff4de8b8d13a9badac21a5019470fe2d018139382b1f1331d1e8,2025-02-21T04:15:10.510000
CVE-2025-1410,1,1,f4fa6259cc030a3c18635b5a57715bd57396d86c3ee145748700746fe04576c9,2025-02-21T09:15:10.200000
CVE-2025-1414,0,0,b6f2fa5b41b9076d018bd1d274a1717bfb4b17a7162b38316b8f5f46b587bbc9,2025-02-18T21:15:25.440000
CVE-2025-1426,0,0,b67c79264aa66cdef5e5d9ec5a4b31cb1b09b1607a3ca51cd7f8f759ad39f482,2025-02-19T20:15:36.467000
CVE-2025-1441,0,0,dea0748ac4805add0b5a620a8c550d3c2cb9f813ccabe70b3df2355bbf5d5eab,2025-02-19T05:15:12.050000
@ -279631,6 +279639,8 @@ CVE-2025-1447,0,0,0171066f5cc38b75ed48310b7b051ba77753a7de710aef2fb49270a13c1b06
CVE-2025-1448,0,0,8646602fe654ea9c8b8dc30e88ebd580a07aa04ffb2e255dc4fb4a77857c3ea4,2025-02-19T02:15:08.833000
CVE-2025-1464,0,0,b14d16c6baac3507cd4582169a63151cc0fa9ea50d60b1fe8184ca7d2a79a3df,2025-02-19T14:15:30.337000
CVE-2025-1465,0,0,2910b362fc4eb01a626127c50d683f7ea305894f7d9657ebb7cc043987c8c3ee,2025-02-19T16:15:40.667000
CVE-2025-1470,1,1,c431c34122bd455693ae857da134c11078dd424d889a110192af0d8789781c00,2025-02-21T10:15:11.243000
CVE-2025-1471,1,1,5f2308ef243e2997d93c627b7cee213af79efe1fdd8602f268a3ff3acb063cf9,2025-02-21T10:15:11.413000
CVE-2025-1483,0,0,76cafe28555a10dbbf45546d6f75e89aec9e95ad54aaa4bc0e47714c7e682b94,2025-02-20T10:15:12.537000
CVE-2025-1492,0,0,4cf0d4c2a3031b043d71ffc226830ce9ea797081b5a3ae5a1323a931931fb733,2025-02-20T02:15:38.553000
CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000
