Auto-Update: 2025-01-15T05:00:32.610200+00:00

2025-05-07 19:16:29 +00:00 · 2025-01-15 05:03:58 +00:00 · 2025-01-15 05:03:58 +00:00 · b12ca0cef3
commit b12ca0cef3
parent 7484a06216
5 changed files with 165 additions and 21 deletions
--- a/CVE-2024/CVE-2024-133xx/CVE-2024-13334.json
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13334.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13334",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-01-15T04:15:19.720",
+  "lastModified": "2025-01-15T04:15:19.720",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_condition' parameter in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/car-demon/trunk/search/search-form.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d50b1c0-9687-4ce2-bfba-c2d6a2fc28dd?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-549xx/CVE-2024-54982.json
+++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54982.json
@ -2,13 +2,20 @@
  "id": "CVE-2024-54982",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-12-19T22:15:06.197",
-  "lastModified": "2024-12-31T20:16:07.193",
+  "lastModified": "2025-01-15T04:15:19.883",
  "vulnStatus": "Awaiting Analysis",
-  "cveTags": [],
+  "cveTags": [
+    {
+      "sourceIdentifier": "cve@mitre.org",
+      "tags": [
+        "disputed"
+      ]
+    }
+  ],
  "descriptions": [
    {
      "lang": "en",
-      "value": "An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message."
+      "value": "An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message. NOTE: Quectel disputes this because the issue is in the chipset supply chain and is not localized to one or more Quectel products."
    },
    {
      "lang": "es",
--- a/CVE-2025/CVE-2025-230xx/CVE-2025-23013.json
+++ b/CVE-2025/CVE-2025-230xx/CVE-2025-23013.json
@ -0,0 +1,78 @@
+{
+  "id": "CVE-2025-23013",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-01-15T04:15:20.037",
+  "lastModified": "2025-01-15T04:15:20.037",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "attackRequirements": "PRESENT",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "HIGH",
+          "vulnerableSystemIntegrity": "HIGH",
+          "vulnerableSystemAvailability": "HIGH",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@mitre.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-394"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.yubico.com/support/security-advisories/ysa-2025-01/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-01-15T03:00:34.138466+00:00
+2025-01-15T05:00:32.610200+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-01-15T02:15:26.067000+00:00
+2025-01-15T04:15:20.037000+00:00
 ```

 ### Last Data Feed Release
@ -33,25 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-277411
+277413
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

- [CVE-2025-0343](CVE-2025/CVE-2025-03xx/CVE-2025-0343.json) (`2025-01-15T01:15:13.673`)
+- [CVE-2024-13334](CVE-2024/CVE-2024-133xx/CVE-2024-13334.json) (`2025-01-15T04:15:19.720`)
+- [CVE-2025-23013](CVE-2025/CVE-2025-230xx/CVE-2025-23013.json) (`2025-01-15T04:15:20.037`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `5`
+Recently modified CVEs: `1`

- [CVE-2024-50312](CVE-2024/CVE-2024-503xx/CVE-2024-50312.json) (`2025-01-15T02:15:26.067`)
- [CVE-2024-55591](CVE-2024/CVE-2024-555xx/CVE-2024-55591.json) (`2025-01-15T02:00:02.087`)
- [CVE-2025-21333](CVE-2025/CVE-2025-213xx/CVE-2025-21333.json) (`2025-01-15T02:00:02.087`)
- [CVE-2025-21334](CVE-2025/CVE-2025-213xx/CVE-2025-21334.json) (`2025-01-15T02:00:02.087`)
- [CVE-2025-21335](CVE-2025/CVE-2025-213xx/CVE-2025-21335.json) (`2025-01-15T02:00:02.087`)
+- [CVE-2024-54982](CVE-2024/CVE-2024-549xx/CVE-2024-54982.json) (`2025-01-15T04:15:19.883`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -245913,6 +245913,7 @@ CVE-2024-1332,0,0,43a2cb0465d1ed7fa77b51d32b9ef650ccc5cd8e8f972f53915014a8e37bc4
 CVE-2024-13323,0,0,b6dbf1bc72030da4865adfe9c77484b3543649561b1053256d05d5821de18e27,2025-01-14T06:15:15.480000
 CVE-2024-13324,0,0,e28b727b7b2e4ff67b104bb8829ddea65c155869cb67c2e17008296310ed866b,2025-01-13T21:15:12.053000
 CVE-2024-1333,0,0,7e67218d34e52c77cd12091eb7bec4820751f8a3faacd15e7977a33b9d658d65,2024-11-21T08:50:21.337000
+CVE-2024-13334,1,1,30c432abb97d04ee92181b3fbe024f7609d999db2107b6b42ffcc6057b3cdf66,2025-01-15T04:15:19.720000
 CVE-2024-1334,0,0,5cd8113de272a8c461c68981cf2d6addc6166d9cf4d9dbad0d56a2a1ca671349,2024-12-31T16:48:40.290000
 CVE-2024-13348,0,0,28a0ee7b4191c68c40fabdc5ca96e1c7f939c87fdb38db21e8b32e455395118b,2025-01-14T04:15:09.200000
 CVE-2024-1335,0,0,82fb69da532892baa7a81804ae338bd46e69a8bbbad77be8c22b678b91bcc8f9,2024-12-31T16:50:11.167000
@ -269174,7 +269175,7 @@ CVE-2024-50307,0,0,effd6ec5b86bf22e86b034cf0d56aa80ef1054d58eddf4f4569fd5216a211
 CVE-2024-5031,0,0,c308606af56c2c63972fb5c4124ab9d975213c17c216c9acc47e4e56bb8f8d42,2024-11-21T09:46:48.853000
 CVE-2024-50310,0,0,0aa8bf92cb0c2ce72d2591b8a623d6ab248b2abe4cf7e33609877fe3cb7813d1,2024-11-13T23:15:38.657000
 CVE-2024-50311,0,0,b0292ba610dd96aa55991ae2b3d8d9a3245ae7b245c406d2ccd4b978c4c63f18,2024-12-04T08:15:06.993000
-CVE-2024-50312,0,1,2be41509e07c89050ede37502a909bec30a9be1d7ef2b7b17d3eaae24f61baa1,2025-01-15T02:15:26.067000
+CVE-2024-50312,0,0,2be41509e07c89050ede37502a909bec30a9be1d7ef2b7b17d3eaae24f61baa1,2025-01-15T02:15:26.067000
 CVE-2024-50313,0,0,64114bcba17ddbbd52304f776f5dd6f39dd07ae575272b42861ff4f8f52981bf,2024-11-15T17:12:44.410000
 CVE-2024-50315,0,0,4cc2faf3d8c489bc195ea9b1b71e3db71fb7f18259f91c4f6bf82e911f7ad06a,2024-11-06T18:15:06.173000
 CVE-2024-50317,0,0,bb18489d7989fbe06416c7902779e422cf61fac95f0d13f7e09c0b8e1bc37193,2024-11-18T15:06:49.627000
@ -272070,7 +272071,7 @@ CVE-2024-5495,0,0,5042268a950e30bd3019e8943c12e21fd198069753506c20c0160553a125c7
 CVE-2024-5496,0,0,9136fd74dd5c910c46896c769e58528b87587fcd9bbfc0ee678598fdc16fe0a5,2024-12-26T16:43:17.607000
 CVE-2024-5497,0,0,3a56eddb971efbd0b60114afefb35325ddcc2425bb5133ac9d5e88b22eba20b7,2024-12-26T16:43:33.383000
 CVE-2024-5498,0,0,9ecbba4511623233a33c3c81181005b0976c38a133da4d6811e96531fd97f158,2024-12-26T16:43:44.433000
-CVE-2024-54982,0,0,cfd88a096d00b833d6272b1bd199993ae32049d7bc6efe9c3a455db48be861e0,2024-12-31T20:16:07.193000
+CVE-2024-54982,0,1,fb36b1fdb011b22b4f00071ed824d47d4d35a6db0dfc10ea33668aa9fc593b3b,2025-01-15T04:15:19.883000
 CVE-2024-54983,0,0,149f3772b456c1ff99a44fd44b0ae178f010b2926690711624e998da7ad367e4,2024-12-31T20:16:07.363000
 CVE-2024-54984,0,0,3c6b13090909d3934507dc7f38f4e66c664045495e844f3883a0db8064e98820,2025-01-07T15:15:10.720000
 CVE-2024-5499,0,0,bbe4dd69894f0f98fba609f59dfd6e7af7f9cec1f980c4939ff30b774a53a4b5,2024-12-26T16:07:06.693000
@ -272224,7 +272225,7 @@ CVE-2024-55582,0,0,8c7e64bb3acec7a473c6e65040db0fdec814405cb32a2dc0c98b336fe36f3
 CVE-2024-55586,0,0,925f554fe1c6418481a3cd536be7ee8d09491d59c7f2a3844aeb8009a61c81a3,2024-12-12T02:08:22.247000
 CVE-2024-55587,0,0,043360c021c66dd2c5a5e7aa976c02dd7134a3fcd9d370dcc05a2b2b78d778ba,2024-12-12T17:15:11.197000
 CVE-2024-5559,0,0,da875044adc3709281edfed6e696b593f02a48923f7270d2350dbdeb9c3f0186,2024-11-21T09:47:55.840000
-CVE-2024-55591,0,1,1182e265e74e2249425348cf1092e4e0ab54f2a3d01ce40d17fea144acd10f9e,2025-01-15T02:00:02.087000
+CVE-2024-55591,0,0,1182e265e74e2249425348cf1092e4e0ab54f2a3d01ce40d17fea144acd10f9e,2025-01-15T02:00:02.087000
 CVE-2024-55593,0,0,7966b8c0c61f0e982eed66bcaeabb127b9928db85b43c7e5a46fdeafce2a85f4,2025-01-14T14:15:34.610000
 CVE-2024-5560,0,0,201a92ce337d2fd4d85cefc5a8b186dd1f339de19f8ea6d91a69fddcd5fd3ef6,2024-11-21T09:47:55.983000
 CVE-2024-55601,0,0,3b6016987278f61ded580e0e03402a0550929e4ad53cc1af6a73ada12213c6f3,2024-12-09T22:15:23.100000
@ -276894,7 +276895,7 @@ CVE-2025-0339,0,0,cbbfea6db0802da47d039e5c973152ba413cad2d917d267fa4913f6c5b7b2f
 CVE-2025-0340,0,0,9f8d7dfd4d7674caee1cd6596de44a56e721410bd02446351bb9cfe3109bd378,2025-01-09T07:15:28.260000
 CVE-2025-0341,0,0,34691be6c91dee5a7eddd15393d10444959b571a53ae5dc2cf37690cab93d762,2025-01-09T08:15:30.060000
 CVE-2025-0342,0,0,c0ced5aaf34287279d842270e764809b2ee2324b19427e671c3863b96f97c211,2025-01-09T08:15:30.310000
-CVE-2025-0343,1,1,f05fb7cd6ea3b612df59ace7c1ae84a0da042c86f8cebd8a8d1a38e962e0e260,2025-01-15T01:15:13.673000
+CVE-2025-0343,0,0,f05fb7cd6ea3b612df59ace7c1ae84a0da042c86f8cebd8a8d1a38e962e0e260,2025-01-15T01:15:13.673000
 CVE-2025-0344,0,0,01437ae923f1cc2bbba7f217401e4d3cbf96038b1beb917f0e2b7fe28b7c2e1b,2025-01-09T08:15:30.517000
 CVE-2025-0345,0,0,c3d5fb4ce1a2ffd9e41165f9ffe772836159a0e2b94ea1d233a347865b0f3929,2025-01-09T09:15:09.220000
 CVE-2025-0346,0,0,3ca882ed5f0f6ff30f77b6214e7e7bdd383925e6a59aee9ebd80a0c7383e3bae,2025-01-09T09:15:09.393000
@ -277075,9 +277076,9 @@ CVE-2025-21329,0,0,e053eb234509e6346e777591f7eee67377618570069360bf34234fc39e023
 CVE-2025-21330,0,0,80a4977dbce37c5d8567d0fe001790553daf1f6abc63cf234b438f7c67548e09,2025-01-14T18:15:57.940000
 CVE-2025-21331,0,0,7a818162f8ba8eea8880d8fea97ae9fc902e5806f423695656c6540478d1c5e2,2025-01-14T18:15:58.120000
 CVE-2025-21332,0,0,0076c5c8af7fbb5019d64b870d9a3205940a3532bd8cc68bd7aa25391ece3f70,2025-01-14T18:15:58.307000
-CVE-2025-21333,0,1,15d8d6e54fd9e12aad6c4e648ab476eb380b8dbaa7bccdfbd0237edb2363ebf0,2025-01-15T02:00:02.087000
-CVE-2025-21334,0,1,f3f0a621ad2ac358507d9a0511cf36fd38c487e73a8ec3bbab29c935942412c5,2025-01-15T02:00:02.087000
-CVE-2025-21335,0,1,cf93d943b5c41fd4e4d18b837704e57a9a177f6780b644a214eda56f0add9c5d,2025-01-15T02:00:02.087000
+CVE-2025-21333,0,0,15d8d6e54fd9e12aad6c4e648ab476eb380b8dbaa7bccdfbd0237edb2363ebf0,2025-01-15T02:00:02.087000
+CVE-2025-21334,0,0,f3f0a621ad2ac358507d9a0511cf36fd38c487e73a8ec3bbab29c935942412c5,2025-01-15T02:00:02.087000
+CVE-2025-21335,0,0,cf93d943b5c41fd4e4d18b837704e57a9a177f6780b644a214eda56f0add9c5d,2025-01-15T02:00:02.087000
 CVE-2025-21336,0,0,0d7c814919cbeed2c3035babb3a91cbe14e7b415bb6bee2c1177f48fe0226072,2025-01-14T18:15:59.143000
 CVE-2025-21338,0,0,829f1e0ae95ccccc175808a7477ceff41739f9dd91a35b6190dbced0f8367cc0,2025-01-14T18:15:59.300000
 CVE-2025-21339,0,0,ba30d4d8ac9f6c58d3589ae53d1f775a6b9e449bd771cb2b76f26b86f2d7f769,2025-01-14T18:15:59.480000
@ -277370,6 +277371,7 @@ CVE-2025-22983,0,0,818f0a40d17098ac93c0b9b96dbd9489c7b8bd9e521ddba6a0116d1bc14ba
 CVE-2025-22984,0,0,1a545998f559ee7e76b6e0da26fd2ee7d20b16b478982f1cd328aa26a28e86f8,2025-01-14T16:15:35.710000
 CVE-2025-22996,0,0,8fbde9f85e2db1862d1b88945e7fe9cd80408a8631ea85e47df7d19e711f0b31,2025-01-15T00:15:45.053000
 CVE-2025-22997,0,0,6eedfc7acf928822cfe0f3b225b24734a62e604efd1194c9c27450477de2e4bd,2025-01-15T00:15:45.167000
+CVE-2025-23013,1,1,e4c3b2c1c5cf16475d932b9459985c9a24772026bd2727e7454683ed69e04599,2025-01-15T04:15:20.037000
 CVE-2025-23016,0,0,31a93833611c1f04fca5216d55a04a7c92375e0aedfa95a405475196dac4f70b,2025-01-10T12:15:25.480000
 CVE-2025-23018,0,0,04057ebd16387f0035876264d984029a54f25d41dceb84c91b788d3f78ef776b,2025-01-14T20:15:32.440000
 CVE-2025-23019,0,0,2441b4edcc7db27f67ae614720ac0c1927e9c7e1651443ff935f830ebd7e09ee,2025-01-14T20:15:32.577000