Auto-Update: 2025-02-10T13:00:29.332393+00:00

CVE-2024/CVE-2024-120xx/CVE-2024-12088.json

@@ -2,13 +2,13 @@
   "id": "CVE-2024-12088",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2025-01-14T18:15:25.643",
-  "lastModified": "2025-01-14T22:15:26.600",
+  "lastModified": "2025-02-10T12:15:28.537",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
-      "value": "A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory."
+      "value": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory."
     },
     {
       "lang": "es",

CVE-2025/CVE-2025-10xx/CVE-2025-1099.json

@@ -0,0 +1,78 @@
+{
+  "id": "CVE-2025-1099",
+  "sourceIdentifier": "vdisclose@cert-in.org.in",
+  "published": "2025-02-10T11:15:21.147",
+  "lastModified": "2025-02-10T11:15:21.147",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The TP-Link Tapo C500 V1 and V2 are a pan-and-tilt outdoor Wi-Fi security cameras designed for comprehensive surveillance. \n\nThis vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "vdisclose@cert-in.org.in",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 7.0,
+          "baseSeverity": "HIGH",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "HIGH",
+          "vulnerableSystemIntegrity": "HIGH",
+          "vulnerableSystemAvailability": "HIGH",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vdisclose@cert-in.org.in",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-321"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0017",
+      "source": "vdisclose@cert-in.org.in"
+    }
+  ]
+}

CVE-2025/CVE-2025-252xx/CVE-2025-25247.json

@@ -0,0 +1,37 @@
+{
+  "id": "CVE-2025-25247",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2025-02-10T12:15:29.557",
+  "lastModified": "2025-02-10T12:15:29.557",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole.\n\nThis issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8.\n\nUsers are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/z47jbf0rbylzd0ktfzdw9c8b5fpyl24m",
+      "source": "security@apache.org"
+    },
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2025/02/10/1",
+      "source": "af854a3a-2127-422b-91ae-364da2661108"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-02-10T09:01:07.730188+00:00
+2025-02-10T13:00:29.332393+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-02-10T07:15:29.780000+00:00
+2025-02-10T12:15:29.557000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,20 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-280449
+280451
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `0`
+Recently added CVEs: `2`
 
+- [CVE-2025-1099](CVE-2025/CVE-2025-10xx/CVE-2025-1099.json) (`2025-02-10T11:15:21.147`)
+- [CVE-2025-25247](CVE-2025/CVE-2025-252xx/CVE-2025-25247.json) (`2025-02-10T12:15:29.557`)
 
 
 ### CVEs modified in the last Commit
 
 Recently modified CVEs: `1`
 
-- [CVE-2024-11218](CVE-2024/CVE-2024-112xx/CVE-2024-11218.json) (`2025-02-10T07:15:29.780`)
+- [CVE-2024-12088](CVE-2024/CVE-2024-120xx/CVE-2024-12088.json) (`2025-02-10T12:15:28.537`)
 
 
 ## Download and Usage

_state.csv

@@ -244443,7 +244443,7 @@ CVE-2024-11213,0,0,733d387bcd2a89a3baf6e6af87e9925096408112067fd16bf967badff3e2e
 CVE-2024-11214,0,0,8f15fb853ae573991dd8377f3fdb07743acb2a14953115059875124aefd71a4f,2024-11-19T15:38:59.060000
 CVE-2024-11215,0,0,649934bde3315408f935571e43aced9541face2e1cac41750a3378db1c35aaf3,2024-11-15T13:58:08.913000
 CVE-2024-11217,0,0,cb24a1bdb987ee2ebd888113abdd2cecfb9cb2fe9a3dca74044179030beb620c,2024-11-18T17:11:56.587000
-CVE-2024-11218,0,1,0c6a3ce939afc0a352ea69972de0364b0317d959f71cbda51c1b0a5924a06186,2025-02-10T07:15:29.780000
+CVE-2024-11218,0,0,0c6a3ce939afc0a352ea69972de0364b0317d959f71cbda51c1b0a5924a06186,2025-02-10T07:15:29.780000
 CVE-2024-11219,0,0,e0425cf1f1ca40cc6d95ef04e03e17b5776d09d72a88fcf5abbcb2ac00f59570,2024-11-27T06:15:18.110000
 CVE-2024-1122,0,0,4a647161edb6d6dbac08921722ee9f0f3f3f764af2a44d6cd56ac17a7d3d92e5,2024-11-21T08:49:50.943000
 CVE-2024-11220,0,0,2bacf5e02725323b27ba9cab9bc5f331ae5ef28bd238022ab9e1ae19b09e4fbc,2025-01-23T16:54:24.970000
@@ -245247,7 +245247,7 @@ CVE-2024-12084,0,0,85dd725fc2f0b24c79e999378b1f0199fad5fe5d164b31609c57a84bcb434
 CVE-2024-12085,0,0,9a161213d022d60d671ea3cb4cb11ce33fd8c0478fd9dd236104abdf8ba774f7,2025-02-03T20:15:32.520000
 CVE-2024-12086,0,0,e5130c03152639985c3e2f822b45f241716bd573825b1ce309364a23fc10467b,2025-01-14T22:15:26.370000
 CVE-2024-12087,0,0,083db16c2a7b9baa1b397fd2cd269bff2aa8f7c2646d1851d134f1f8a052e34a,2025-01-14T22:15:26.503000
-CVE-2024-12088,0,0,789608af69629f4130f54998ea59694fde701c19a329a9d8093e26a51277e55d,2025-01-14T22:15:26.600000
+CVE-2024-12088,0,1,43a2123ff1daddac120d556957600405449568b28a84ca944004ee72fa7fff31,2025-02-10T12:15:28.537000
 CVE-2024-12089,0,0,e4693d0f49f7bcd8f49a3c46cbf99b45117c9aeb9696a4344a79bacac3eaba78,2024-12-16T15:15:06.250000
 CVE-2024-1209,0,0,0c11632b4f799f8334de1fe031a18ed75abc1306137789706f83e79036cdbf29,2024-11-21T08:50:02.720000
 CVE-2024-12090,0,0,3ae49935c044b86a3444ecb09701dd060f603a46c2ce1e27c4f8226f9377436d,2024-12-16T15:15:06.393000
@@ -278630,6 +278630,7 @@ CVE-2025-1084,0,0,b0d508f1ab3a1d3dc65fb5a374e03ada5ac495226151bdcc4d5b2ac7850ddb
 CVE-2025-1085,0,0,f584db130967758b77431e11a5f469d25699b86ea49d2e400bcb605050e5a113,2025-02-07T01:15:07.930000
 CVE-2025-1086,0,0,939f922cf83473192b0b258783d5ca641c4443176d820dcd2d3b84e692405303,2025-02-07T02:15:30.523000
 CVE-2025-1096,0,0,f369ee58dbaa6e142f3d975d8711cac15a0a303facd75e898c558f3e454cc535,2025-02-08T01:15:07.947000
+CVE-2025-1099,1,1,bf17eec112b497da534e01d8cb5eb20bbffb3f16a9e8841ea572781479eb3e5f,2025-02-10T11:15:21.147000
 CVE-2025-1103,0,0,0da522d14deeaf45148b501a367ab749f077dad47c4b30f829bee85624296edf,2025-02-07T16:15:39.973000
 CVE-2025-1104,0,0,f27d338b8e2511acc1acbe6516171263568f132d7b220ca31da3272b87396332,2025-02-07T17:15:31.477000
 CVE-2025-1105,0,0,aa7b6cd0c83a86d735235deb6c7a0772ed1014df82b1e052f59dde14d6f5ec93,2025-02-07T18:15:28.433000
@@ -280448,3 +280449,4 @@ CVE-2025-25181,0,0,4d67ec539e847fe84660f43fd38b8d53f4b38c60fadbe4831b0e67bce3150
 CVE-2025-25183,0,0,a47fca60ce37f6e1f3d8c94fd73efeedc3b0f25b6d56a99cb911f6f7e296e3c6,2025-02-07T20:15:34.083000
 CVE-2025-25187,0,0,e424cf7b908e75a97fa0de6a767a0db68015df6d0c2f99abb84da57aa225b64b,2025-02-07T23:15:15.217000
 CVE-2025-25246,0,0,0ae0916aaea4283fe6ce79729127d0aa8edfdf07242f3416b5c2d5ec885c2c98,2025-02-05T05:15:11.663000
+CVE-2025-25247,1,1,d94cddda05ca03cd8c39ac31cdc0bf4a334f19a72694b692d33e4b6e781c2225,2025-02-10T12:15:29.557000