From 9c0586deaec8c1a17d1a167b640a3e8b34797313 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 16 Jan 2025 11:04:02 +0000 Subject: [PATCH] Auto-Update: 2025-01-16T11:00:35.167319+00:00 --- CVE-2024/CVE-2024-124xx/CVE-2024-12427.json | 68 +++++++++++++++++++++ CVE-2024/CVE-2024-126xx/CVE-2024-12613.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-126xx/CVE-2024-12614.json | 64 +++++++++++++++++++ CVE-2024/CVE-2024-126xx/CVE-2024-12615.json | 68 +++++++++++++++++++++ CVE-2024/CVE-2024-133xx/CVE-2024-13355.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-133xx/CVE-2024-13387.json | 60 ++++++++++++++++++ CVE-2024/CVE-2024-453xx/CVE-2024-45331.json | 56 +++++++++++++++++ CVE-2024/CVE-2024-488xx/CVE-2024-48885.json | 56 +++++++++++++++++ CVE-2024/CVE-2024-505xx/CVE-2024-50563.json | 56 +++++++++++++++++ README.md | 21 ++++--- _state.csv | 13 +++- 11 files changed, 573 insertions(+), 9 deletions(-) create mode 100644 CVE-2024/CVE-2024-124xx/CVE-2024-12427.json create mode 100644 CVE-2024/CVE-2024-126xx/CVE-2024-12613.json create mode 100644 CVE-2024/CVE-2024-126xx/CVE-2024-12614.json create mode 100644 CVE-2024/CVE-2024-126xx/CVE-2024-12615.json create mode 100644 CVE-2024/CVE-2024-133xx/CVE-2024-13355.json create mode 100644 CVE-2024/CVE-2024-133xx/CVE-2024-13387.json create mode 100644 CVE-2024/CVE-2024-453xx/CVE-2024-45331.json create mode 100644 CVE-2024/CVE-2024-488xx/CVE-2024-48885.json create mode 100644 CVE-2024/CVE-2024-505xx/CVE-2024-50563.json diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12427.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12427.json new file mode 100644 index 00000000000..18191ac005f --- /dev/null +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12427.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-12427", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-16T10:15:07.243", + "lastModified": "2025-01-16T10:15:07.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/multi-step-form/tags/1.7.22/includes/lib/msf-shortcode.class.php#L100", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/multi-step-form/tags/1.7.22/includes/lib/msf-shortcode.class.php#L30", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3219723%40multi-step-form&new=3219723%40multi-step-form&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0a31fee-ccc2-4c3b-b198-6cb750188113?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12613.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12613.json new file mode 100644 index 00000000000..7c996fcca83 --- /dev/null +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12613.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-12613", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-16T10:15:07.633", + "lastModified": "2025-01-16T10:15:07.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3221505/passwords-manager/trunk/include/pms-passwords-ajax-action.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dec38992-a69f-4ccd-a23b-4dd1639897c3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12614.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12614.json new file mode 100644 index 00000000000..6db4da12207 --- /dev/null +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12614.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-12614", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-16T10:15:08.023", + "lastModified": "2025-01-16T10:15:08.023", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings and add passwords." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3221505/passwords-manager/trunk/include/pms-passwords-ajax-action.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3221505/passwords-manager/trunk/include/pms-settings-ajax-action.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/898c5554-fd02-47a2-a1f9-1c488cfab57e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12615.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12615.json new file mode 100644 index 00000000000..e8126caaba2 --- /dev/null +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12615.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-12615", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-16T10:15:08.380", + "lastModified": "2025-01-16T10:15:08.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3221505/passwords-manager/trunk/include/admin-page/addon/csv-export/index.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3221505/passwords-manager/trunk/include/pms-categories-ajax-action.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3221505/passwords-manager/trunk/include/pms-passwords-ajax-action.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ce8397d5-6637-4faa-be1f-9cf52c25be9b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13355.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13355.json new file mode 100644 index 00000000000..f64d600d14b --- /dev/null +++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13355.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13355", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-16T10:15:08.750", + "lastModified": "2025-01-16T10:15:08.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the upload_file() function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload files on the affected site's server which may make remote code execution possible and is confirmed to make Cross-Site Scripting possible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3222601%40admin-and-client-message-after-order-for-woocommerce&new=3222601%40admin-and-client-message-after-order-for-woocommerce&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/82cee07d-871a-4579-aa53-ca0d14315458?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13387.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13387.json new file mode 100644 index 00000000000..68cd90787af --- /dev/null +++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13387.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-13387", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-01-16T10:15:09.103", + "lastModified": "2025-01-16T10:15:09.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprtabs' shortcode in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3222481%40wp-responsive-tabs&new=3222481%40wp-responsive-tabs&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39e58875-2f6e-453e-b33f-3d7a2a62b7b6?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45331.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45331.json new file mode 100644 index 00000000000..ea333c4dffe --- /dev/null +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45331.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45331", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-01-16T09:15:06.500", + "lastModified": "2025-01-16T09:15:06.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48885.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48885.json new file mode 100644 index 00000000000..285e4cb53fd --- /dev/null +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48885.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-48885", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-01-16T09:15:06.737", + "lastModified": "2025-01-16T09:15:06.737", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-259", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50563.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50563.json new file mode 100644 index 00000000000..4748c772440 --- /dev/null +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50563.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-50563", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2025-01-16T10:15:09.480", + "lastModified": "2025-01-16T10:15:09.480", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1390" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-221", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index bdd90b3e01a..3767a4f004b 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-16T09:00:32.527996+00:00 +2025-01-16T11:00:35.167319+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-16T08:15:25.213000+00:00 +2025-01-16T10:15:09.480000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -277634 +277643 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `9` -- [CVE-2024-12226](CVE-2024/CVE-2024-122xx/CVE-2024-12226.json) (`2025-01-16T07:15:26.333`) +- [CVE-2024-12427](CVE-2024/CVE-2024-124xx/CVE-2024-12427.json) (`2025-01-16T10:15:07.243`) +- [CVE-2024-12613](CVE-2024/CVE-2024-126xx/CVE-2024-12613.json) (`2025-01-16T10:15:07.633`) +- [CVE-2024-12614](CVE-2024/CVE-2024-126xx/CVE-2024-12614.json) (`2025-01-16T10:15:08.023`) +- [CVE-2024-12615](CVE-2024/CVE-2024-126xx/CVE-2024-12615.json) (`2025-01-16T10:15:08.380`) +- [CVE-2024-13355](CVE-2024/CVE-2024-133xx/CVE-2024-13355.json) (`2025-01-16T10:15:08.750`) +- [CVE-2024-13387](CVE-2024/CVE-2024-133xx/CVE-2024-13387.json) (`2025-01-16T10:15:09.103`) +- [CVE-2024-45331](CVE-2024/CVE-2024-453xx/CVE-2024-45331.json) (`2025-01-16T09:15:06.500`) +- [CVE-2024-48885](CVE-2024/CVE-2024-488xx/CVE-2024-48885.json) (`2025-01-16T09:15:06.737`) +- [CVE-2024-50563](CVE-2024/CVE-2024-505xx/CVE-2024-50563.json) (`2025-01-16T10:15:09.480`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2025-23013](CVE-2025/CVE-2025-230xx/CVE-2025-23013.json) (`2025-01-16T08:15:25.213`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 5322bbf0880..5a3607dc227 100644 --- a/_state.csv +++ b/_state.csv @@ -245132,7 +245132,7 @@ CVE-2024-1222,0,0,ff0f67607974451388d42ae6b90b2e9690717b801a6493a4e7aa508a94c688 CVE-2024-12220,0,0,5a9af5863bd9968393d1012c1c5f5fb4875db98205155149f405e76579a2b19e,2024-12-17T08:15:05.393000 CVE-2024-12221,0,0,a87846a9ea687f0610603fb61d7ca73e4beeed151fc32a3afc0c338aec17e851,2025-01-04T10:15:06.410000 CVE-2024-12222,0,0,0124c6cfdc91b4979955e2191dd7c13c0eb40d8384f002a9efb114a750f8d213,2025-01-09T11:15:12.490000 -CVE-2024-12226,1,1,426293b413c4970fd2746921ea025f0391aaab4d3790f5078d27ba6cc92c7012,2025-01-16T07:15:26.333000 +CVE-2024-12226,0,0,426293b413c4970fd2746921ea025f0391aaab4d3790f5078d27ba6cc92c7012,2025-01-16T07:15:26.333000 CVE-2024-12227,0,0,c353a784c73b22c93b545f7e3c07e2ff77771e5d977f7464354ff7113388628f,2024-12-05T14:15:19.400000 CVE-2024-12228,0,0,cba3b66c66f8b74b7da0219a0273d1dd0c005a65d0aca4a38c9a6589b54985c9,2024-12-10T23:19:04.773000 CVE-2024-12229,0,0,aa44844c8d830c107b3760370b58cb504158d7d7c510be09891b02a376b9c9ac,2024-12-10T23:19:31.487000 @@ -245287,6 +245287,7 @@ CVE-2024-12422,0,0,27a2b7b5579aea6b626e898353e29adaf77dce7f7392fa2cdcdfb4f6d5529 CVE-2024-12423,0,0,3555afe86904ac107f3db4c4d72aa253a40f0541e51402914a1017949cc8c3b5,2025-01-15T10:15:07.630000 CVE-2024-12425,0,0,d885296390121d087e04ef42b8491b76f893200d98a386f95c4a72f26f9f2359,2025-01-07T12:15:24.183000 CVE-2024-12426,0,0,172dd3632cc915a80121d55ee02d9001ce95b069ca8a1e5b844628b1eeffffb6,2025-01-07T13:15:07.210000 +CVE-2024-12427,1,1,e75b5adc741827eedf4098619ab568942b8e84e707ecff6859520e41e07fe71a,2025-01-16T10:15:07.243000 CVE-2024-12428,0,0,0dc42c82097510dcd67ba200f4a63250bd059d1ff61bcff7d39f7b5f34a5af10,2024-12-25T05:15:06.920000 CVE-2024-12429,0,0,e6d5ff5cfceb2f61c0ef11c8f30168015114d1365dea8b766c339e4109cab13c,2025-01-07T17:15:20.527000 CVE-2024-12430,0,0,0c8a563bb6bc403b10276a981acccd2883fb8e64f72cd343170d116fbae88cc4,2025-01-07T17:15:20.703000 @@ -245425,6 +245426,9 @@ CVE-2024-12603,0,0,b77b6c9527bd0798c4124cb6a67b3eb0384daf1c81bc149052bbc09ab0e74 CVE-2024-12605,0,0,a0f2993b097a4c99b97e822aef9d508fcc987f27fa00acaa2c8fa4c5ee5e87b3,2025-01-09T15:15:14.150000 CVE-2024-12606,0,0,22dbeb9ccb7de3748ffcb5a9742ed9efae0d34cb977177faf680cf3e4f662ce5,2025-01-10T04:15:19.667000 CVE-2024-1261,0,0,7451d11c24f2ac390a05020abbe5be1a7d1e877de58a9c0842a513a0e1790005,2024-11-21T08:50:11.030000 +CVE-2024-12613,1,1,17ef13e8555c69068e4fa02b53cb81098153e1f551058b907c691c77374dc1a6,2025-01-16T10:15:07.633000 +CVE-2024-12614,1,1,e571b4e4491487f2f9e819ccc16fae6c0ac59e6cfb7ed30e8d5046638d60453c,2025-01-16T10:15:08.023000 +CVE-2024-12615,1,1,bf0a4dcec7d9520733542eb42362ef30d25c98232bfadbee356ba2a388d2079e,2025-01-16T10:15:08.380000 CVE-2024-12616,0,0,77a54d2c4fc323087210e2a6a22bc6796e40cd4e337b416a96bae19b39d4476a,2025-01-09T11:15:14.970000 CVE-2024-12617,0,0,fa783f9d7a3d972025357eb9fc5c4fe83a667f5b392e03f824f0f0bb531ed431,2024-12-24T05:15:07.013000 CVE-2024-12618,0,0,9a78b540470b044696728715f2dbde7ff3f05b2e5efee894087a680363f0dace,2025-01-09T11:15:15.193000 @@ -245940,9 +245944,11 @@ CVE-2024-1334,0,0,5cd8113de272a8c461c68981cf2d6addc6166d9cf4d9dbad0d56a2a1ca6713 CVE-2024-13348,0,0,28a0ee7b4191c68c40fabdc5ca96e1c7f939c87fdb38db21e8b32e455395118b,2025-01-14T04:15:09.200000 CVE-2024-1335,0,0,82fb69da532892baa7a81804ae338bd46e69a8bbbad77be8c22b678b91bcc8f9,2024-12-31T16:50:11.167000 CVE-2024-13351,0,0,82f0f1a80f8f2950e9c84e7abdd61c165fb4e8543af42fe1c6d847744006626a,2025-01-15T10:15:07.993000 +CVE-2024-13355,1,1,a8ca28e00f9b89c07eec0e25ac16094e44f167607aaa2b464e1b01d07777823a,2025-01-16T10:15:08.750000 CVE-2024-1336,0,0,5ac217bb74b5afa6bf4a3181b1971e5eb197bf861678b67cc85953b7d0e71d82,2024-12-31T16:51:04.857000 CVE-2024-1337,0,0,ecd9569d803b0ad7e93765437336dbe54b6bca900bd0d8d6a4265ae95a2bd0fa,2024-11-21T08:50:21.857000 CVE-2024-1338,0,0,dc2761903a1c29795472be9ec50c80e554c7222ddc44792707b7eb37ea2462f8,2024-12-31T16:51:41.113000 +CVE-2024-13387,1,1,6dc34c1690f397ff8c8c3331579d380bce906690020b30857f4fdc2d82342f2f,2025-01-16T10:15:09.103000 CVE-2024-1339,0,0,a64c4c68c8a9a926adb37b05ad26ad3fdfdc4a14ba534fc12b29b0c3bcb239b6,2024-12-31T16:52:24.407000 CVE-2024-13394,0,0,b6fcea27182fbefcf0642745a1f133fbfca8eb302a1dddd2465056b203356454,2025-01-15T06:15:16.150000 CVE-2024-1340,0,0,779cbb4786989b99b13d0df5bfadd47a6bb17fb76227d8a826f245b565dc9020,2024-11-21T08:50:22.180000 @@ -265787,6 +265793,7 @@ CVE-2024-45326,0,0,86ebce8f30d55c1b2581cd9f16d3a4529cb04f091a99a26c0b2f7f2fa73b1 CVE-2024-45327,0,0,42ce17a56d26e9f93c0428bdd57edccc07f542ef58a06cef469cef22c8286e63,2024-09-11T16:26:11.920000 CVE-2024-4533,0,0,565c4992f22cce399c7ec79b1c1f5241de1ceb51c7019357739f36b97aa0a0ff,2024-11-21T09:43:03.177000 CVE-2024-45330,0,0,e9c0a42cafd75c39cc2fb6322b0e3eb6100b15258e5462b4bef0ad15a3b44297,2024-10-19T00:41:09.717000 +CVE-2024-45331,1,1,50a30c7ff023f46df9bb814a7b6dea1e93fd189bcc773dbdcc28ffac6c6b64f9,2025-01-16T09:15:06.500000 CVE-2024-45334,0,0,c1a95be34d5696913864dee9719b7ad805fe7ff8dee6bbd29645a138cdd2805b,2024-10-25T14:41:43.473000 CVE-2024-45335,0,0,df1b52d83b5212b89c08532eb4b3f1fce61dd8609884645d9cc9fbfcae22125a,2024-10-25T14:37:39.387000 CVE-2024-45337,0,0,0204a585b71dc2eafeae0a7aa43ff297085c36ff7e1720071b48d72e387539af,2024-12-12T21:15:08.500000 @@ -268038,6 +268045,7 @@ CVE-2024-4888,0,0,133d57bae18b01966145fd4e4ce13e18e7959193dbb6b4323cb9d35593035e CVE-2024-48881,0,0,ebc6f1728ddca45a5c4c77e921d1ab1f076b9c09394d13101391d66674a8d76b,2025-01-11T13:15:23.437000 CVE-2024-48883,0,0,40a7c06416987571c8a8b08bd952b0491dd531f3479f503fba90cb6ed5c81613,2025-01-13T20:15:28.770000 CVE-2024-48884,0,0,d7531b7cb1135a3712a0535e6ddd9869708afc1b4a4e954957fc71e4dc4da04b,2025-01-14T14:15:32.873000 +CVE-2024-48885,1,1,bd322d0919f1f5bfc17b7462306e27a9d23817b549080ee56f875128913f049f,2025-01-16T09:15:06.737000 CVE-2024-48886,0,0,e66f6047d306aaedc1af3f50921854a8ed3741d3b76c9be2c96afcce2b1dd88b,2025-01-14T14:15:33.027000 CVE-2024-48889,0,0,8e1bac12eb50f3243e5ec10f0474e909f75dc6516eb6b1b6cee870377808ea68,2024-12-18T15:15:11.713000 CVE-2024-4889,0,0,54e41cd985dde0162870a1a62b42a9fd40bf90446677bc64ce2d3dd7fe90e1b1,2024-11-21T09:43:47.970000 @@ -269475,6 +269483,7 @@ CVE-2024-50559,0,0,dfa1c4cb23ceb2f70b4684ba6fc94ad535123e84e14b38239e2546f378ae5 CVE-2024-5056,0,0,8fffdd4127619c786aa0989407007469ff9a6aa73bf668207b4ad19c19de1531,2024-11-21T09:46:52.267000 CVE-2024-50560,0,0,849cbb22dc43c9735ca18b0189950c1e8b5ecac4d47888f5bcbc5715b936ca6b,2024-11-13T19:57:26.073000 CVE-2024-50561,0,0,6a51b1f26d5cf18987d57ec188dc14932c4d4312c95a1bfb0fba3e588b50e618,2024-11-13T19:57:56.313000 +CVE-2024-50563,1,1,253a74e32fbffc4b52e4d9539e8bc00fc5bf80060138af33191a70dadb63a53f,2025-01-16T10:15:09.480000 CVE-2024-50564,0,0,e7d7ba23b6b0bd993389dc5aa1693345829839ebf13dced1f3e6b06c0e9b8cb4,2025-01-14T14:15:33.490000 CVE-2024-50566,0,0,3bfb5a17edce1a8fb08ca6a9da44a890273e947e3c31fd7cc912e28d4fea9f0f,2025-01-14T14:15:33.650000 CVE-2024-5057,0,0,4e84b19a66dd237677e71f8f6b2954676ecae2fca742ad51c75df8e74bfe774e,2024-09-20T19:31:39.437000 @@ -277590,7 +277599,7 @@ CVE-2025-22983,0,0,818f0a40d17098ac93c0b9b96dbd9489c7b8bd9e521ddba6a0116d1bc14ba CVE-2025-22984,0,0,1a545998f559ee7e76b6e0da26fd2ee7d20b16b478982f1cd328aa26a28e86f8,2025-01-14T16:15:35.710000 CVE-2025-22996,0,0,8353f71e1021a99be2843ee26c19df5f4da352df92661e6ab1f14b6f88fb0dd3,2025-01-15T17:15:21.837000 CVE-2025-22997,0,0,784fa7ead53bc349c92561866d97c2fb20b9fab0d953b0c5445a13195ff35fef,2025-01-15T17:15:22.193000 -CVE-2025-23013,0,1,eda8f19162401d5437dd237a324a4e20454866dfe24c95f53e82678a4b2a5a4e,2025-01-16T08:15:25.213000 +CVE-2025-23013,0,0,eda8f19162401d5437dd237a324a4e20454866dfe24c95f53e82678a4b2a5a4e,2025-01-16T08:15:25.213000 CVE-2025-23016,0,0,31a93833611c1f04fca5216d55a04a7c92375e0aedfa95a405475196dac4f70b,2025-01-10T12:15:25.480000 CVE-2025-23018,0,0,04057ebd16387f0035876264d984029a54f25d41dceb84c91b788d3f78ef776b,2025-01-14T20:15:32.440000 CVE-2025-23019,0,0,2441b4edcc7db27f67ae614720ac0c1927e9c7e1651443ff935f830ebd7e09ee,2025-01-14T20:15:32.577000