From c341dfa9630789b4f8768d1fa52f36fbd9f28bc8 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 25 Jan 2025 19:03:44 +0000 Subject: [PATCH] Auto-Update: 2025-01-25T19:00:19.210624+00:00 --- CVE-2025/CVE-2025-05xx/CVE-2025-0542.json | 104 ++++++++++++++++++++ CVE-2025/CVE-2025-05xx/CVE-2025-0543.json | 100 +++++++++++++++++++ CVE-2025/CVE-2025-215xx/CVE-2025-21502.json | 6 +- README.md | 17 ++-- _state.csv | 12 ++- 5 files changed, 224 insertions(+), 15 deletions(-) create mode 100644 CVE-2025/CVE-2025-05xx/CVE-2025-0542.json create mode 100644 CVE-2025/CVE-2025-05xx/CVE-2025-0543.json diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0542.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0542.json new file mode 100644 index 00000000000..5f9de155947 --- /dev/null +++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0542.json @@ -0,0 +1,104 @@ +{ + "id": "CVE-2025-0542", + "sourceIdentifier": "a341c0d1-ebf7-493f-a84e-38cf86618674", + "published": "2025-01-25T17:15:21.030", + "lastModified": "2025-01-25T17:15:21.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "a341c0d1-ebf7-493f-a84e-38cf86618674", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "a341c0d1-ebf7-493f-a84e-38cf86618674", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "a341c0d1-ebf7-493f-a84e-38cf86618674", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + }, + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0542", + "source": "a341c0d1-ebf7-493f-a84e-38cf86618674" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0543.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0543.json new file mode 100644 index 00000000000..a1af91d765a --- /dev/null +++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0543.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2025-0543", + "sourceIdentifier": "a341c0d1-ebf7-493f-a84e-38cf86618674", + "published": "2025-01-25T17:15:21.720", + "lastModified": "2025-01-25T17:15:21.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "a341c0d1-ebf7-493f-a84e-38cf86618674", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "a341c0d1-ebf7-493f-a84e-38cf86618674", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "a341c0d1-ebf7-493f-a84e-38cf86618674", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0543", + "source": "a341c0d1-ebf7-493f-a84e-38cf86618674" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21502.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21502.json index 17f33eff94f..c9d7aac11a5 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21502.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21502.json @@ -2,7 +2,7 @@ "id": "CVE-2025-21502", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-01-21T21:15:15.180", - "lastModified": "2025-01-24T20:15:34.500", + "lastModified": "2025-01-25T18:15:26.790", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -56,6 +56,10 @@ "url": "https://www.oracle.com/security-alerts/cpujan2025.html", "source": "secalert_us@oracle.com" }, + { + "url": "http://www.openwall.com/lists/oss-security/2025/01/25/6", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, { "url": "https://security.netapp.com/advisory/ntap-20250124-0009/", "source": "af854a3a-2127-422b-91ae-364da2661108" diff --git a/README.md b/README.md index ee47cf5e3e3..29ab9787a4a 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-25T17:00:19.225807+00:00 +2025-01-25T19:00:19.210624+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-25T15:15:08.770000+00:00 +2025-01-25T18:15:26.790000+00:00 ``` ### Last Data Feed Release @@ -33,23 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -278976 +278978 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `2` -- [CVE-2024-35144](CVE-2024/CVE-2024-351xx/CVE-2024-35144.json) (`2025-01-25T15:15:07.633`) -- [CVE-2024-35145](CVE-2024/CVE-2024-351xx/CVE-2024-35145.json) (`2025-01-25T15:15:08.440`) -- [CVE-2024-35148](CVE-2024/CVE-2024-351xx/CVE-2024-35148.json) (`2025-01-25T15:15:08.613`) -- [CVE-2024-35150](CVE-2024/CVE-2024-351xx/CVE-2024-35150.json) (`2025-01-25T15:15:08.770`) +- [CVE-2025-0542](CVE-2025/CVE-2025-05xx/CVE-2025-0542.json) (`2025-01-25T17:15:21.030`) +- [CVE-2025-0543](CVE-2025/CVE-2025-05xx/CVE-2025-0543.json) (`2025-01-25T17:15:21.720`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2025-21502](CVE-2025/CVE-2025-215xx/CVE-2025-21502.json) (`2025-01-25T18:15:26.790`) ## Download and Usage diff --git a/_state.csv b/_state.csv index f633eee584f..952035f9698 100644 --- a/_state.csv +++ b/_state.csv @@ -258364,12 +258364,12 @@ CVE-2024-35140,0,0,37f4140de7aa8dd39d8111f031d5c587c1416ebdb1bb9df593f833a210253 CVE-2024-35141,0,0,3d2ec3f244dac1a61d82845f09dd060aa8f5140fee1c7509e0fc99213fe22450,2024-12-19T02:15:22.810000 CVE-2024-35142,0,0,e09c5238f96d6b53b763e5c8961455b72303122361b03a3c2392fee37019e072,2024-11-21T09:19:49.550000 CVE-2024-35143,0,0,5cb5e3449a374a30898ff7b59de5af975c3a54dcd7a31450775ca701ccf638fe,2024-09-11T14:34:13.590000 -CVE-2024-35144,1,1,65bfff25065dc06e7ed3ffa2c7e9ed55e23f7e474c71c541e867327945cd230e,2025-01-25T15:15:07.633000 -CVE-2024-35145,1,1,8d8b40b9515a5e67e9a273cb2dbf15ac7a0e7e8f6cb7f4063639fb909d26b9da,2025-01-25T15:15:08.440000 +CVE-2024-35144,0,0,65bfff25065dc06e7ed3ffa2c7e9ed55e23f7e474c71c541e867327945cd230e,2025-01-25T15:15:07.633000 +CVE-2024-35145,0,0,8d8b40b9515a5e67e9a273cb2dbf15ac7a0e7e8f6cb7f4063639fb909d26b9da,2025-01-25T15:15:08.440000 CVE-2024-35146,0,0,e7eacc636adf897d4c5c011e27d3e274a3de7c91ebf2fa6595e9899d9810f678,2024-11-06T18:17:17.287000 -CVE-2024-35148,1,1,4d9cb80437395e76c29e24ff14b3210ab51ecfb8a9edc482c4ff15182e7f0b89,2025-01-25T15:15:08.613000 +CVE-2024-35148,0,0,4d9cb80437395e76c29e24ff14b3210ab51ecfb8a9edc482c4ff15182e7f0b89,2025-01-25T15:15:08.613000 CVE-2024-3515,0,0,34ca6c141b25b76cf038dbaf586f76e7d83b53d44af4d1d927517cbfe224c717,2024-12-19T16:19:23.533000 -CVE-2024-35150,1,1,83cbeddca14d2029b4a2d200eb93758e7db307bc3629271c332585e1a777eff8,2025-01-25T15:15:08.770000 +CVE-2024-35150,0,0,83cbeddca14d2029b4a2d200eb93758e7db307bc3629271c332585e1a777eff8,2025-01-25T15:15:08.770000 CVE-2024-35151,0,0,997e62f9e09bd79d901a818fa07d83a57b09161e5818037373bd99fb7a3f83e8,2024-08-23T15:32:15.270000 CVE-2024-35152,0,0,06c6f92d2caf727cd4e0214816e496c021be32e43d31786397f60659ca719146,2024-08-23T18:57:54.717000 CVE-2024-35153,0,0,72b7eff1e351197066dcedfe56c19ee4fca9d867b0c858ba84a516b5786df0b4,2024-11-21T09:19:49.987000 @@ -277676,6 +277676,8 @@ CVE-2025-0537,0,0,e9b01e0e46262a9663cbca458d19a40294de3b3457766cc7a94219e1b39c3a CVE-2025-0538,0,0,fdb71c169a1ff00025f3221162997061f56b4148118b4d440f7c0776cc2e91ec,2025-01-18T09:15:07.570000 CVE-2025-0540,0,0,0fe6a3968060e1d9e108f736a24030b6ee6db8d0695d6022f7d1a51c2ca09a50,2025-01-17T21:15:11.037000 CVE-2025-0541,0,0,422e97928ac96e00be4b8b72ccf9ce9a6f4a23518705054b1953468a190b5cd0,2025-01-17T22:15:29.337000 +CVE-2025-0542,1,1,ec3a256d444b58c869581713e9014aa5027c2a9699d557e8128524bd9c3636a2,2025-01-25T17:15:21.030000 +CVE-2025-0543,1,1,b9d3d0389afe479b9b0ba48f494bb68f90326db92d7b20889079c93d18253dc5,2025-01-25T17:15:21.720000 CVE-2025-0554,0,0,7cdbd44c1d3cc981944ecd6d5c9c3ad7d1c5de5034144b9547e97228edf48404,2025-01-18T06:15:28.160000 CVE-2025-0557,0,0,02f1591d13c69cc704deb2418c78ecda10342b88f0da7a742a9052ce142dadb8,2025-01-18T09:15:07.710000 CVE-2025-0558,0,0,e6ae7cd63ee086a636ac4e9d186d59f2a3d6ddbb3865e941307bd5dda93830f2,2025-01-18T13:15:20.417000 @@ -277943,7 +277945,7 @@ CVE-2025-21498,0,0,1121a212146d5056853b73dcdb9fae89353866d7239590b2949de592cfc79 CVE-2025-21499,0,0,2c32e354ed5a6e4eea492ba23bb7728e07a08fad97151da4f29131ca6df8e113,2025-01-23T17:15:23.230000 CVE-2025-21500,0,0,bbe9f114cc8d8e49962ad9854df4e89c5a30ee8cfa74d29f4db3b527d20b85d8,2025-01-23T17:15:23.520000 CVE-2025-21501,0,0,b499d527899d3c99b0af0dd327ab08d36e2a133ebd4d99fcf7220ac8dcf2048e,2025-01-23T17:15:23.680000 -CVE-2025-21502,0,0,bcaf1d92c66b5b1a9efc00ebff1fdc4e2a0848184817e1eff8671e84f48a5148,2025-01-24T20:15:34.500000 +CVE-2025-21502,0,1,f5271a08eadae8ce4a3dde8ce36b330c6335abd8b196c7de7b953f387d6390a6,2025-01-25T18:15:26.790000 CVE-2025-21503,0,0,080f9da947c7317b04f4eddb1ade32f90cb3468e2aae9c32affbab4901d70265,2025-01-23T17:15:23.987000 CVE-2025-21504,0,0,5e6343e63c0c757690808cbfd0f3aecf26233691269ccced5982828c9467730c,2025-01-23T17:15:24.147000 CVE-2025-21505,0,0,d38d80007487ff694532508e892a45688687c6b699ba24e27e4e84ef185a18d2,2025-01-22T19:15:10.520000