Auto-Update: 2025-02-10T13:00:29.332393+00:00

cad-safe-bot 2025-02-10 13:03:57 +00:00
parent b4d0f9e45e
commit cf54515571
5 changed files with 128 additions and 9 deletions


@ -2,13 +2,13 @@
"id": "CVE-2024-12088",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-01-14T18:15:25.643",
"lastModified": "2025-01-14T22:15:26.600",
"lastModified": "2025-02-10T12:15:28.537",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory."
"value": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory."
},
{
"lang": "es",


@ -0,0 +1,78 @@
{
"id": "CVE-2025-1099",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2025-02-10T11:15:21.147",
"lastModified": "2025-02-10T11:15:21.147",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TP-Link Tapo C500 V1 and V2 are a pan-and-tilt outdoor Wi-Fi security cameras designed for comprehensive surveillance. \n\nThis vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "vdisclose@cert-in.org.in",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "vdisclose@cert-in.org.in",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-321"
}
]
}
],
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0017",
"source": "vdisclose@cert-in.org.in"
}
]
}


@ -0,0 +1,37 @@
{
"id": "CVE-2025-25247",
"sourceIdentifier": "security@apache.org",
"published": "2025-02-10T12:15:29.557",
"lastModified": "2025-02-10T12:15:29.557",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole.\n\nThis issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8.\n\nUsers are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/z47jbf0rbylzd0ktfzdw9c8b5fpyl24m",
"source": "security@apache.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/02/10/1",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-02-10T09:01:07.730188+00:00
2025-02-10T13:00:29.332393+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-02-10T07:15:29.780000+00:00
2025-02-10T12:15:29.557000+00:00
```
### Last Data Feed Release
@ -33,20 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
280449
280451
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `2`
- [CVE-2025-1099](CVE-2025/CVE-2025-10xx/CVE-2025-1099.json) (`2025-02-10T11:15:21.147`)
- [CVE-2025-25247](CVE-2025/CVE-2025-252xx/CVE-2025-25247.json) (`2025-02-10T12:15:29.557`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
- [CVE-2024-11218](CVE-2024/CVE-2024-112xx/CVE-2024-11218.json) (`2025-02-10T07:15:29.780`)
- [CVE-2024-12088](CVE-2024/CVE-2024-120xx/CVE-2024-12088.json) (`2025-02-10T12:15:28.537`)
## Download and Usage


@ -244443,7 +244443,7 @@ CVE-2024-11213,0,0,733d387bcd2a89a3baf6e6af87e9925096408112067fd16bf967badff3e2e
CVE-2024-11214,0,0,8f15fb853ae573991dd8377f3fdb07743acb2a14953115059875124aefd71a4f,2024-11-19T15:38:59.060000
CVE-2024-11215,0,0,649934bde3315408f935571e43aced9541face2e1cac41750a3378db1c35aaf3,2024-11-15T13:58:08.913000
CVE-2024-11217,0,0,cb24a1bdb987ee2ebd888113abdd2cecfb9cb2fe9a3dca74044179030beb620c,2024-11-18T17:11:56.587000
CVE-2024-11218,0,1,0c6a3ce939afc0a352ea69972de0364b0317d959f71cbda51c1b0a5924a06186,2025-02-10T07:15:29.780000
CVE-2024-11218,0,0,0c6a3ce939afc0a352ea69972de0364b0317d959f71cbda51c1b0a5924a06186,2025-02-10T07:15:29.780000
CVE-2024-11219,0,0,e0425cf1f1ca40cc6d95ef04e03e17b5776d09d72a88fcf5abbcb2ac00f59570,2024-11-27T06:15:18.110000
CVE-2024-1122,0,0,4a647161edb6d6dbac08921722ee9f0f3f3f764af2a44d6cd56ac17a7d3d92e5,2024-11-21T08:49:50.943000
CVE-2024-11220,0,0,2bacf5e02725323b27ba9cab9bc5f331ae5ef28bd238022ab9e1ae19b09e4fbc,2025-01-23T16:54:24.970000
@ -245247,7 +245247,7 @@ CVE-2024-12084,0,0,85dd725fc2f0b24c79e999378b1f0199fad5fe5d164b31609c57a84bcb434
CVE-2024-12085,0,0,9a161213d022d60d671ea3cb4cb11ce33fd8c0478fd9dd236104abdf8ba774f7,2025-02-03T20:15:32.520000
CVE-2024-12086,0,0,e5130c03152639985c3e2f822b45f241716bd573825b1ce309364a23fc10467b,2025-01-14T22:15:26.370000
CVE-2024-12087,0,0,083db16c2a7b9baa1b397fd2cd269bff2aa8f7c2646d1851d134f1f8a052e34a,2025-01-14T22:15:26.503000
CVE-2024-12088,0,0,789608af69629f4130f54998ea59694fde701c19a329a9d8093e26a51277e55d,2025-01-14T22:15:26.600000
CVE-2024-12088,0,1,43a2123ff1daddac120d556957600405449568b28a84ca944004ee72fa7fff31,2025-02-10T12:15:28.537000
CVE-2024-12089,0,0,e4693d0f49f7bcd8f49a3c46cbf99b45117c9aeb9696a4344a79bacac3eaba78,2024-12-16T15:15:06.250000
CVE-2024-1209,0,0,0c11632b4f799f8334de1fe031a18ed75abc1306137789706f83e79036cdbf29,2024-11-21T08:50:02.720000
CVE-2024-12090,0,0,3ae49935c044b86a3444ecb09701dd060f603a46c2ce1e27c4f8226f9377436d,2024-12-16T15:15:06.393000
@ -278630,6 +278630,7 @@ CVE-2025-1084,0,0,b0d508f1ab3a1d3dc65fb5a374e03ada5ac495226151bdcc4d5b2ac7850ddb
CVE-2025-1085,0,0,f584db130967758b77431e11a5f469d25699b86ea49d2e400bcb605050e5a113,2025-02-07T01:15:07.930000
CVE-2025-1086,0,0,939f922cf83473192b0b258783d5ca641c4443176d820dcd2d3b84e692405303,2025-02-07T02:15:30.523000
CVE-2025-1096,0,0,f369ee58dbaa6e142f3d975d8711cac15a0a303facd75e898c558f3e454cc535,2025-02-08T01:15:07.947000
CVE-2025-1099,1,1,bf17eec112b497da534e01d8cb5eb20bbffb3f16a9e8841ea572781479eb3e5f,2025-02-10T11:15:21.147000
CVE-2025-1103,0,0,0da522d14deeaf45148b501a367ab749f077dad47c4b30f829bee85624296edf,2025-02-07T16:15:39.973000
CVE-2025-1104,0,0,f27d338b8e2511acc1acbe6516171263568f132d7b220ca31da3272b87396332,2025-02-07T17:15:31.477000
CVE-2025-1105,0,0,aa7b6cd0c83a86d735235deb6c7a0772ed1014df82b1e052f59dde14d6f5ec93,2025-02-07T18:15:28.433000
@ -280448,3 +280449,4 @@ CVE-2025-25181,0,0,4d67ec539e847fe84660f43fd38b8d53f4b38c60fadbe4831b0e67bce3150
CVE-2025-25183,0,0,a47fca60ce37f6e1f3d8c94fd73efeedc3b0f25b6d56a99cb911f6f7e296e3c6,2025-02-07T20:15:34.083000
CVE-2025-25187,0,0,e424cf7b908e75a97fa0de6a767a0db68015df6d0c2f99abb84da57aa225b64b,2025-02-07T23:15:15.217000
CVE-2025-25246,0,0,0ae0916aaea4283fe6ce79729127d0aa8edfdf07242f3416b5c2d5ec885c2c98,2025-02-05T05:15:11.663000
CVE-2025-25247,1,1,d94cddda05ca03cd8c39ac31cdc0bf4a334f19a72694b692d33e4b6e781c2225,2025-02-10T12:15:29.557000
