Auto-Update: 2025-01-25T19:00:19.210624+00:00

CVE-2025/CVE-2025-05xx/CVE-2025-0542.json

@@ -0,0 +1,104 @@
+{
+  "id": "CVE-2025-0542",
+  "sourceIdentifier": "a341c0d1-ebf7-493f-a84e-38cf86618674",
+  "published": "2025-01-25T17:15:21.030",
+  "lastModified": "2025-01-25T17:15:21.030",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "a341c0d1-ebf7-493f-a84e-38cf86618674",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "attackRequirements": "PRESENT",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "HIGH",
+          "vulnerableSystemIntegrity": "HIGH",
+          "vulnerableSystemAvailability": "HIGH",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "a341c0d1-ebf7-493f-a84e-38cf86618674",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "a341c0d1-ebf7-493f-a84e-38cf86618674",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-276"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0542",
+      "source": "a341c0d1-ebf7-493f-a84e-38cf86618674"
+    }
+  ]
+}

CVE-2025/CVE-2025-05xx/CVE-2025-0543.json

@@ -0,0 +1,100 @@
+{
+  "id": "CVE-2025-0543",
+  "sourceIdentifier": "a341c0d1-ebf7-493f-a84e-38cf86618674",
+  "published": "2025-01-25T17:15:21.720",
+  "lastModified": "2025-01-25T17:15:21.720",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "a341c0d1-ebf7-493f-a84e-38cf86618674",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 8.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "HIGH",
+          "vulnerableSystemIntegrity": "HIGH",
+          "vulnerableSystemAvailability": "HIGH",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "a341c0d1-ebf7-493f-a84e-38cf86618674",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "a341c0d1-ebf7-493f-a84e-38cf86618674",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-276"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0543",
+      "source": "a341c0d1-ebf7-493f-a84e-38cf86618674"
+    }
+  ]
+}

CVE-2025/CVE-2025-215xx/CVE-2025-21502.json

@@ -2,7 +2,7 @@
   "id": "CVE-2025-21502",
   "sourceIdentifier": "secalert_us@oracle.com",
   "published": "2025-01-21T21:15:15.180",
-  "lastModified": "2025-01-24T20:15:34.500",
+  "lastModified": "2025-01-25T18:15:26.790",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -56,6 +56,10 @@
       "url": "https://www.oracle.com/security-alerts/cpujan2025.html",
       "source": "secalert_us@oracle.com"
     },
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2025/01/25/6",
+      "source": "af854a3a-2127-422b-91ae-364da2661108"
+    },
     {
       "url": "https://security.netapp.com/advisory/ntap-20250124-0009/",
       "source": "af854a3a-2127-422b-91ae-364da2661108"

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-01-25T17:00:19.225807+00:00
+2025-01-25T19:00:19.210624+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-01-25T15:15:08.770000+00:00
+2025-01-25T18:15:26.790000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,23 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-278976
+278978
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `4`
+Recently added CVEs: `2`
 
-- [CVE-2024-35144](CVE-2024/CVE-2024-351xx/CVE-2024-35144.json) (`2025-01-25T15:15:07.633`)
-- [CVE-2024-35145](CVE-2024/CVE-2024-351xx/CVE-2024-35145.json) (`2025-01-25T15:15:08.440`)
-- [CVE-2024-35148](CVE-2024/CVE-2024-351xx/CVE-2024-35148.json) (`2025-01-25T15:15:08.613`)
-- [CVE-2024-35150](CVE-2024/CVE-2024-351xx/CVE-2024-35150.json) (`2025-01-25T15:15:08.770`)
+- [CVE-2025-0542](CVE-2025/CVE-2025-05xx/CVE-2025-0542.json) (`2025-01-25T17:15:21.030`)
+- [CVE-2025-0543](CVE-2025/CVE-2025-05xx/CVE-2025-0543.json) (`2025-01-25T17:15:21.720`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+- [CVE-2025-21502](CVE-2025/CVE-2025-215xx/CVE-2025-21502.json) (`2025-01-25T18:15:26.790`)
 
 
 ## Download and Usage

_state.csv

@@ -258364,12 +258364,12 @@ CVE-2024-35140,0,0,37f4140de7aa8dd39d8111f031d5c587c1416ebdb1bb9df593f833a210253
 CVE-2024-35141,0,0,3d2ec3f244dac1a61d82845f09dd060aa8f5140fee1c7509e0fc99213fe22450,2024-12-19T02:15:22.810000
 CVE-2024-35142,0,0,e09c5238f96d6b53b763e5c8961455b72303122361b03a3c2392fee37019e072,2024-11-21T09:19:49.550000
 CVE-2024-35143,0,0,5cb5e3449a374a30898ff7b59de5af975c3a54dcd7a31450775ca701ccf638fe,2024-09-11T14:34:13.590000
-CVE-2024-35144,1,1,65bfff25065dc06e7ed3ffa2c7e9ed55e23f7e474c71c541e867327945cd230e,2025-01-25T15:15:07.633000
-CVE-2024-35145,1,1,8d8b40b9515a5e67e9a273cb2dbf15ac7a0e7e8f6cb7f4063639fb909d26b9da,2025-01-25T15:15:08.440000
+CVE-2024-35144,0,0,65bfff25065dc06e7ed3ffa2c7e9ed55e23f7e474c71c541e867327945cd230e,2025-01-25T15:15:07.633000
+CVE-2024-35145,0,0,8d8b40b9515a5e67e9a273cb2dbf15ac7a0e7e8f6cb7f4063639fb909d26b9da,2025-01-25T15:15:08.440000
 CVE-2024-35146,0,0,e7eacc636adf897d4c5c011e27d3e274a3de7c91ebf2fa6595e9899d9810f678,2024-11-06T18:17:17.287000
-CVE-2024-35148,1,1,4d9cb80437395e76c29e24ff14b3210ab51ecfb8a9edc482c4ff15182e7f0b89,2025-01-25T15:15:08.613000
+CVE-2024-35148,0,0,4d9cb80437395e76c29e24ff14b3210ab51ecfb8a9edc482c4ff15182e7f0b89,2025-01-25T15:15:08.613000
 CVE-2024-3515,0,0,34ca6c141b25b76cf038dbaf586f76e7d83b53d44af4d1d927517cbfe224c717,2024-12-19T16:19:23.533000
-CVE-2024-35150,1,1,83cbeddca14d2029b4a2d200eb93758e7db307bc3629271c332585e1a777eff8,2025-01-25T15:15:08.770000
+CVE-2024-35150,0,0,83cbeddca14d2029b4a2d200eb93758e7db307bc3629271c332585e1a777eff8,2025-01-25T15:15:08.770000
 CVE-2024-35151,0,0,997e62f9e09bd79d901a818fa07d83a57b09161e5818037373bd99fb7a3f83e8,2024-08-23T15:32:15.270000
 CVE-2024-35152,0,0,06c6f92d2caf727cd4e0214816e496c021be32e43d31786397f60659ca719146,2024-08-23T18:57:54.717000
 CVE-2024-35153,0,0,72b7eff1e351197066dcedfe56c19ee4fca9d867b0c858ba84a516b5786df0b4,2024-11-21T09:19:49.987000
@@ -277676,6 +277676,8 @@ CVE-2025-0537,0,0,e9b01e0e46262a9663cbca458d19a40294de3b3457766cc7a94219e1b39c3a
 CVE-2025-0538,0,0,fdb71c169a1ff00025f3221162997061f56b4148118b4d440f7c0776cc2e91ec,2025-01-18T09:15:07.570000
 CVE-2025-0540,0,0,0fe6a3968060e1d9e108f736a24030b6ee6db8d0695d6022f7d1a51c2ca09a50,2025-01-17T21:15:11.037000
 CVE-2025-0541,0,0,422e97928ac96e00be4b8b72ccf9ce9a6f4a23518705054b1953468a190b5cd0,2025-01-17T22:15:29.337000
+CVE-2025-0542,1,1,ec3a256d444b58c869581713e9014aa5027c2a9699d557e8128524bd9c3636a2,2025-01-25T17:15:21.030000
+CVE-2025-0543,1,1,b9d3d0389afe479b9b0ba48f494bb68f90326db92d7b20889079c93d18253dc5,2025-01-25T17:15:21.720000
 CVE-2025-0554,0,0,7cdbd44c1d3cc981944ecd6d5c9c3ad7d1c5de5034144b9547e97228edf48404,2025-01-18T06:15:28.160000
 CVE-2025-0557,0,0,02f1591d13c69cc704deb2418c78ecda10342b88f0da7a742a9052ce142dadb8,2025-01-18T09:15:07.710000
 CVE-2025-0558,0,0,e6ae7cd63ee086a636ac4e9d186d59f2a3d6ddbb3865e941307bd5dda93830f2,2025-01-18T13:15:20.417000
@@ -277943,7 +277945,7 @@ CVE-2025-21498,0,0,1121a212146d5056853b73dcdb9fae89353866d7239590b2949de592cfc79
 CVE-2025-21499,0,0,2c32e354ed5a6e4eea492ba23bb7728e07a08fad97151da4f29131ca6df8e113,2025-01-23T17:15:23.230000
 CVE-2025-21500,0,0,bbe9f114cc8d8e49962ad9854df4e89c5a30ee8cfa74d29f4db3b527d20b85d8,2025-01-23T17:15:23.520000
 CVE-2025-21501,0,0,b499d527899d3c99b0af0dd327ab08d36e2a133ebd4d99fcf7220ac8dcf2048e,2025-01-23T17:15:23.680000
-CVE-2025-21502,0,0,bcaf1d92c66b5b1a9efc00ebff1fdc4e2a0848184817e1eff8671e84f48a5148,2025-01-24T20:15:34.500000
+CVE-2025-21502,0,1,f5271a08eadae8ce4a3dde8ce36b330c6335abd8b196c7de7b953f387d6390a6,2025-01-25T18:15:26.790000
 CVE-2025-21503,0,0,080f9da947c7317b04f4eddb1ade32f90cb3468e2aae9c32affbab4901d70265,2025-01-23T17:15:23.987000
 CVE-2025-21504,0,0,5e6343e63c0c757690808cbfd0f3aecf26233691269ccced5982828c9467730c,2025-01-23T17:15:24.147000
 CVE-2025-21505,0,0,d38d80007487ff694532508e892a45688687c6b699ba24e27e4e84ef185a18d2,2025-01-22T19:15:10.520000