diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12276.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12276.json new file mode 100644 index 00000000000..eb63ac4fb0c --- /dev/null +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12276.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12276", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-21T10:15:10.290", + "lastModified": "2025-02-21T10:15:10.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with access to upload files and manage filenames through a third-party plugin like a File Manager, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The risk of this vulnerability is very minimal as it requires a user to be able to manipulate filenames in order to successfully exploit." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3242743/ultimate-member/tags/2.10.0/includes/core/class-uploader.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/846f9828-2f1f-4d08-abfb-909b8d634d8a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12452.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12452.json new file mode 100644 index 00000000000..5ad805e39a9 --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12452.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12452", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-21T10:15:10.457", + "lastModified": "2025-02-21T10:15:10.457", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeo_event' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/ziggeo/tags/3.1/core/events.php#L52", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242184%40ziggeo&new=3242184%40ziggeo&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be82095d-2b15-432e-a667-523286fa9629?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13353.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13353.json new file mode 100644 index 00000000000..af1396c2474 --- /dev/null +++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13353.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-13353", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-21T10:15:10.607", + "lastModified": "2025-02-21T10:15:10.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Responsive Addons for Elementor \u2013 Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/responsive-addons-for-elementor/trunk/includes/widgets-manager/widgets/woocommerce/class-responsive-addons-for-elementor-product-carousel.php#L3151", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/responsive-addons-for-elementor/trunk/includes/widgets-manager/widgets/woocommerce/class-responsive-addons-for-elementor-woo-products.php#L3725", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3226779/responsive-addons-for-elementor/tags/1.6.5/includes/widgets-manager/widgets/woocommerce/class-responsive-addons-for-elementor-product-carousel.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3226779/responsive-addons-for-elementor/tags/1.6.5/includes/widgets-manager/widgets/woocommerce/class-responsive-addons-for-elementor-woo-products.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/98df88f8-5aeb-4f57-8525-6a9357173b1d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13461.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13461.json new file mode 100644 index 00000000000..d0263b4a6a8 --- /dev/null +++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13461.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13461", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-21T10:15:10.767", + "lastModified": "2025-02-21T10:15:10.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autoship-create-scheduled-order-action' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242136%40autoship-cloud&new=3242136%40autoship-cloud&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0ae16c4e-0151-4414-8612-ec8eb92505fd?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-136xx/CVE-2024-13648.json b/CVE-2024/CVE-2024-136xx/CVE-2024-13648.json new file mode 100644 index 00000000000..d7a9b2d51b3 --- /dev/null +++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13648.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-13648", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-21T10:15:10.927", + "lastModified": "2025-02-21T10:15:10.927", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3226414%40maps-for-wp&new=3226414%40maps-for-wp&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242174%40maps-for-wp&new=3242174%40maps-for-wp&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a16c8b5d-fd93-49b4-b1d7-f4cd9248aef3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0727.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0727.json new file mode 100644 index 00000000000..1c690730320 --- /dev/null +++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0727.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-0727", + "sourceIdentifier": "emo@eclipse.org", + "published": "2025-02-21T09:15:09.010", + "lastModified": "2025-02-21T09:15:09.010", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before \nversion 6.4.2, an attacker can cause an integer underflow and a \nsubsequent denial of service by writing a very large file, by specially \ncrafted packets with Content-Length in one packet smaller than the data \nrequest size of the other packet. A possible workaround is to disable \nHTTP PUT support." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "emo@eclipse.org", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "emo@eclipse.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-191" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/eclipse-threadx/netxduo/commit/c78d650be7377aae1a8704bc0ce5cc6f9f189014", + "source": "emo@eclipse.org" + }, + { + "url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-jf6x-9mgc-p72w", + "source": "emo@eclipse.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0728.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0728.json new file mode 100644 index 00000000000..e41a9bb7d44 --- /dev/null +++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0728.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-0728", + "sourceIdentifier": "emo@eclipse.org", + "published": "2025-02-21T09:15:10.077", + "lastModified": "2025-02-21T09:15:10.077", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before \nversion 6.4.2, an attacker can cause an integer underflow and a \nsubsequent denial of service by writing a very large file, by specially \ncrafted packets with Content-Length smaller than the data request size. A\n possible workaround is to disable HTTP PUT support." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "emo@eclipse.org", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "emo@eclipse.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-191" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/eclipse-threadx/netxduo/commit/c78d650be7377aae1a8704bc0ce5cc6f9f189014", + "source": "emo@eclipse.org" + }, + { + "url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-hqp7-4q26-6wqf", + "source": "emo@eclipse.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-14xx/CVE-2025-1410.json b/CVE-2025/CVE-2025-14xx/CVE-2025-1410.json new file mode 100644 index 00000000000..457a8f12fa5 --- /dev/null +++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1410.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-1410", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-02-21T09:15:10.200", + "lastModified": "2025-02-21T09:15:10.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Events Calendar Made Simple \u2013 Pie Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's piecal shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3243992/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/pie-calendar/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fcaea2fb-ebf8-49b4-8cd5-0d9208252a90?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-14xx/CVE-2025-1470.json b/CVE-2025/CVE-2025-14xx/CVE-2025-1470.json new file mode 100644 index 00000000000..cd3678f9b77 --- /dev/null +++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1470.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-1470", + "sourceIdentifier": "emo@eclipse.org", + "published": "2025-02-21T10:15:11.243", + "lastModified": "2025-02-21T10:15:11.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "emo@eclipse.org", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "emo@eclipse.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/eclipse-omr/omr/pull/7655", + "source": "emo@eclipse.org" + }, + { + "url": "https://github.com/eclipse-omr/omr/pull/7663", + "source": "emo@eclipse.org" + }, + { + "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/54", + "source": "emo@eclipse.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-14xx/CVE-2025-1471.json b/CVE-2025/CVE-2025-14xx/CVE-2025-1471.json new file mode 100644 index 00000000000..7e1999ede33 --- /dev/null +++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1471.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-1471", + "sourceIdentifier": "emo@eclipse.org", + "published": "2025-02-21T10:15:11.413", + "lastModified": "2025-02-21T10:15:11.413", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "emo@eclipse.org", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "emo@eclipse.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/eclipse-omr/omr/pull/7658", + "source": "emo@eclipse.org" + }, + { + "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/55", + "source": "emo@eclipse.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 8f80253c2ff..7c267e6985f 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-21T09:00:51.176393+00:00 +2025-02-21T11:00:29.838951+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-21T08:15:28.417000+00:00 +2025-02-21T10:15:11.413000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -281989 +281999 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `10` -- [CVE-2025-0726](CVE-2025/CVE-2025-07xx/CVE-2025-0726.json) (`2025-02-21T08:15:28.417`) +- [CVE-2024-12276](CVE-2024/CVE-2024-122xx/CVE-2024-12276.json) (`2025-02-21T10:15:10.290`) +- [CVE-2024-12452](CVE-2024/CVE-2024-124xx/CVE-2024-12452.json) (`2025-02-21T10:15:10.457`) +- [CVE-2024-13353](CVE-2024/CVE-2024-133xx/CVE-2024-13353.json) (`2025-02-21T10:15:10.607`) +- [CVE-2024-13461](CVE-2024/CVE-2024-134xx/CVE-2024-13461.json) (`2025-02-21T10:15:10.767`) +- [CVE-2024-13648](CVE-2024/CVE-2024-136xx/CVE-2024-13648.json) (`2025-02-21T10:15:10.927`) +- [CVE-2025-0727](CVE-2025/CVE-2025-07xx/CVE-2025-0727.json) (`2025-02-21T09:15:09.010`) +- [CVE-2025-0728](CVE-2025/CVE-2025-07xx/CVE-2025-0728.json) (`2025-02-21T09:15:10.077`) +- [CVE-2025-1410](CVE-2025/CVE-2025-14xx/CVE-2025-1410.json) (`2025-02-21T09:15:10.200`) +- [CVE-2025-1470](CVE-2025/CVE-2025-14xx/CVE-2025-1470.json) (`2025-02-21T10:15:11.243`) +- [CVE-2025-1471](CVE-2025/CVE-2025-14xx/CVE-2025-1471.json) (`2025-02-21T10:15:11.413`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 8581faf7cc8..bc254460f0e 100644 --- a/_state.csv +++ b/_state.csv @@ -245599,6 +245599,7 @@ CVE-2024-12271,0,0,e756524ee3996486f46fc9dfb0848744c8a90daec55e50296545ffd31d194 CVE-2024-12272,0,0,cbbb238a5fc49c4ada4f96dbd5ec3bf6a1bab33a6ad37ef5b0235e516631a83b,2024-12-25T04:15:06.457000 CVE-2024-12274,0,0,754c33d384166421b8530c0b6be4d1f50e294eb962f01142a13c10f72064a9a9,2025-01-13T15:15:07.727000 CVE-2024-12275,0,0,b6c89aad753f4288f4ee3eb48d039165a7e55489cd8f246e0432f82458e25832,2025-01-31T17:15:11.957000 +CVE-2024-12276,1,1,ac87679c832d171d2f05cc5a33dd2cbdfb1662932e63d4d23d1bd768125d730d,2025-02-21T10:15:10.290000 CVE-2024-12279,0,0,28f926ab6f57c2b10bee59d6914cc0152fa6a23fa0d172ad6d11e3d9d407b5c2,2025-01-04T12:15:24.453000 CVE-2024-1228,0,0,02a2d35b9c29d8600ba5afee210d0e6465f5ee41eb5d9edcafc9d5f9e15f44ef,2024-11-21T08:50:06.280000 CVE-2024-12280,0,0,877a1ef9090370a5789c2e7362afe046232f3567d1b51a01b5cd894549fa6293,2025-01-28T21:15:16.317000 @@ -245753,6 +245754,7 @@ CVE-2024-12448,0,0,4923580d5a5f99d530db30df1f25529a66e5faa8f94f1d2c65ae42b9f669a CVE-2024-12449,0,0,5fcc22f14406311e0fc83130f321673a9681bcd45ccd4b15a7e6df2428ef10f4,2024-12-18T04:15:08.103000 CVE-2024-1245,0,0,95e8542ba13fb11ab7fe96b21acceb5168a3d85655e46eadbf4243e255ea26c4,2024-11-21T08:50:08.740000 CVE-2024-12451,0,0,67c653f5b766de9eabac31aac33935b0d524840bf4e4a950cc1dfb440a57f21e,2025-01-31T18:55:11.707000 +CVE-2024-12452,1,1,7d880a9042e36d32233de02d3a7a57b792407a1771be133aa9843ea62498cb99,2025-02-21T10:15:10.457000 CVE-2024-12453,0,0,76ad3f9c42446921081688745051c38b136a07ee1614804cd400b083fd2b395b,2025-01-07T05:15:19.260000 CVE-2024-12454,0,0,8d73661dfeacd698ba1638817b062fe681bc6bd2d9cfe150642a15e6ed3c799a,2024-12-18T10:15:08.117000 CVE-2024-12457,0,0,8b6dcd10765fdf34de144f9bc8c49e92cdcb9e82bb357349c5178d12bb4f5cd7,2025-01-07T05:15:19.453000 @@ -246539,6 +246541,7 @@ CVE-2024-13349,0,0,1a00cf757b3ec26bd50ea0e563207e24798d3893002c58755b8b9af1d4127 CVE-2024-1335,0,0,82fb69da532892baa7a81804ae338bd46e69a8bbbad77be8c22b678b91bcc8f9,2024-12-31T16:50:11.167000 CVE-2024-13351,0,0,7985eca9113b0e4ff9b5606ce71f06a97acfce6eac97b8c91847c6875b508284,2025-01-15T10:15:07.993000 CVE-2024-13352,0,0,e3b517ead7778233dbb1fb4b3ec3651780c4dec33a82aff69cd76909bd75eb05,2025-02-07T16:15:35.960000 +CVE-2024-13353,1,1,5a8f3045058a1f00f14443cb43400264ab271ef4f72330e58ff7dad66a3150ca,2025-02-21T10:15:10.607000 CVE-2024-13354,0,0,70c8df8ffc765e671782c1c5275e6f7668ade0103b0f3f6fd1920147a9a818fb,2025-02-05T01:36:55.960000 CVE-2024-13355,0,0,b14926ff025e929de229a84af4734d711f0473d16ba82bc6498a7b20173af029,2025-01-16T10:15:08.750000 CVE-2024-13356,0,0,4c62ebf770eb8ffd31345cb0ef6c5025a9e134a147f2b545dcf049e579341f09,2025-02-04T10:15:07.920000 @@ -246627,6 +246630,7 @@ CVE-2024-13458,0,0,b0c82b9a6a2ae8ab3e75191e77bf09ecd6761e542d7fe4c0d50e106a0dd34 CVE-2024-13459,0,0,a9fe845bd277299369bc3f6cedb4f513e577d0a95806c4e189fd9614c9d6fa2e,2025-02-18T19:11:47.197000 CVE-2024-1346,0,0,67674c75c08ebc67974102102d05a3921f8c61d1fe386fe7de33f2c37b3bc24d,2024-11-21T08:50:22.793000 CVE-2024-13460,0,0,9c101ce4e9a0b77c24ea9727b59b3a3bfa4cbf94a343064a0ab69a083a2820cf,2025-01-31T18:07:24.277000 +CVE-2024-13461,1,1,7310b23419daedb24e559d3e84e89095cccd323ffb73d8e4bc88880b2b6bd17b,2025-02-21T10:15:10.767000 CVE-2024-13462,0,0,bd808375ae18220a9dd6d9ebbed45c53c83edb8ab02aeb633cd1274f400f3576,2025-02-19T08:15:15.620000 CVE-2024-13463,0,0,a74bd740de3fc458ef5c03de3331d5acaeffdc8e1dd114982c1f405dca936e7c,2025-01-31T04:15:07.497000 CVE-2024-13464,0,0,c7ce95854847c11fde5a1ddc21e150442b9e815758c964241dcc7c0eae02ec39,2025-02-18T05:15:11.673000 @@ -246777,6 +246781,7 @@ CVE-2024-13642,0,0,e62737ae89b22b0d2ca4d332b68aa19e6175af0f52e0500481826051778e9 CVE-2024-13643,0,0,976eb3748a453f62f41c154b29792936c30855f6728fa73bdd9cf169ffa6a36c,2025-02-11T08:15:30.450000 CVE-2024-13644,0,0,103d60e076f3c7bd4ae30253359a8c34e6a584ab6c0d85823d2a2e5827ff1420,2025-02-13T02:15:29.320000 CVE-2024-13646,0,0,df579ebc80f166383afd2bf72cceedaa012995a592dad78c8758f9a4e2dd62bd,2025-01-31T18:19:45.780000 +CVE-2024-13648,1,1,f589efbdd78e1f30099fe430f3ef2d8f3f3a111a9876802924f438e5321ec20b,2025-02-21T10:15:10.927000 CVE-2024-1365,0,0,0f6156fbf2b7d3a217bf5d4ee39b3ca345099663b38e102dcb249b872d4e92ab,2024-11-21T08:50:25.350000 CVE-2024-13651,0,0,7254671bcf096b25864421ea702cf7c7150d2b6e2d950cb4a4179c92a42d85a9,2025-02-01T04:15:30.997000 CVE-2024-13652,0,0,ed8d8236d1a3115f336400cbdd4ac56e250a414778c3b1c32835210395f1f04d,2025-01-31T18:21:53.167000 @@ -279272,7 +279277,9 @@ CVE-2025-0720,0,0,602262593ab5841efad088d2b78c277a4b7966a622beefaf31478d2cb38267 CVE-2025-0721,0,0,9b15b019b479c4479137e55c74f2da2652b1f56c2d67e45558507ea73a96e795,2025-01-27T00:15:26.317000 CVE-2025-0722,0,0,d286657780f2322cec5dfe4e8af4674bbdc5e8a8b778a753270cdbdd213a2c1d,2025-01-27T00:15:26.517000 CVE-2025-0725,0,0,933a9ff65143c6df56b3e49502ce5d61c7538865f62de87a7e6b7da33078c72d,2025-02-06T19:15:19.733000 -CVE-2025-0726,1,1,212658285d0dca65eb38afbe2d0cc022419c14eff42b3a61d47e964a9493cddf,2025-02-21T08:15:28.417000 +CVE-2025-0726,0,0,212658285d0dca65eb38afbe2d0cc022419c14eff42b3a61d47e964a9493cddf,2025-02-21T08:15:28.417000 +CVE-2025-0727,1,1,bb76426d7360ab591b4341810574104175a8b841230e45a68fe25f6f54b22f96,2025-02-21T09:15:09.010000 +CVE-2025-0728,1,1,fbe2ca789a8cd169b541c150bb8deacad0a074160227e69d375dcc5d934fc86c,2025-02-21T09:15:10.077000 CVE-2025-0729,0,0,47f7aa1143af5ff386851185d07322b33da91a6c70254019e675c66f6b698c27,2025-01-27T17:15:16.917000 CVE-2025-0730,0,0,2af04aa386ac678a6fc944dd8f7ba46d52548cae0bde338f3a493a49b6512319,2025-01-27T17:15:17.133000 CVE-2025-0732,0,0,1ce675ab3efd6ec96092631e523be68cbc1c9a729d4a9ad32dfbaf47ed4ee068,2025-01-27T18:15:40.550000 @@ -279624,6 +279631,7 @@ CVE-2025-1391,0,0,a1f2e3a8ca093b8de620c0e72b50119acca7a6fd87679168958e3acea938ff CVE-2025-1392,0,0,381fc64763a47738c9a933c7e4bcfcc84ef66c73e4a81eacddf01751da768947,2025-02-17T16:15:16.120000 CVE-2025-1406,0,0,4b4d1ff21a0ba0811215bc35d6774baf51e77603ba63fc9e650d11b6ceed4f86,2025-02-21T04:15:10.347000 CVE-2025-1407,0,0,70f77407081cff4de8b8d13a9badac21a5019470fe2d018139382b1f1331d1e8,2025-02-21T04:15:10.510000 +CVE-2025-1410,1,1,f4fa6259cc030a3c18635b5a57715bd57396d86c3ee145748700746fe04576c9,2025-02-21T09:15:10.200000 CVE-2025-1414,0,0,b6f2fa5b41b9076d018bd1d274a1717bfb4b17a7162b38316b8f5f46b587bbc9,2025-02-18T21:15:25.440000 CVE-2025-1426,0,0,b67c79264aa66cdef5e5d9ec5a4b31cb1b09b1607a3ca51cd7f8f759ad39f482,2025-02-19T20:15:36.467000 CVE-2025-1441,0,0,dea0748ac4805add0b5a620a8c550d3c2cb9f813ccabe70b3df2355bbf5d5eab,2025-02-19T05:15:12.050000 @@ -279631,6 +279639,8 @@ CVE-2025-1447,0,0,0171066f5cc38b75ed48310b7b051ba77753a7de710aef2fb49270a13c1b06 CVE-2025-1448,0,0,8646602fe654ea9c8b8dc30e88ebd580a07aa04ffb2e255dc4fb4a77857c3ea4,2025-02-19T02:15:08.833000 CVE-2025-1464,0,0,b14d16c6baac3507cd4582169a63151cc0fa9ea50d60b1fe8184ca7d2a79a3df,2025-02-19T14:15:30.337000 CVE-2025-1465,0,0,2910b362fc4eb01a626127c50d683f7ea305894f7d9657ebb7cc043987c8c3ee,2025-02-19T16:15:40.667000 +CVE-2025-1470,1,1,c431c34122bd455693ae857da134c11078dd424d889a110192af0d8789781c00,2025-02-21T10:15:11.243000 +CVE-2025-1471,1,1,5f2308ef243e2997d93c627b7cee213af79efe1fdd8602f268a3ff3acb063cf9,2025-02-21T10:15:11.413000 CVE-2025-1483,0,0,76cafe28555a10dbbf45546d6f75e89aec9e95ad54aaa4bc0e47714c7e682b94,2025-02-20T10:15:12.537000 CVE-2025-1492,0,0,4cf0d4c2a3031b043d71ffc226830ce9ea797081b5a3ae5a1323a931931fb733,2025-02-20T02:15:38.553000 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000