Auto-Update: 2025-01-23T11:00:45.519826+00:00

cad-safe-bot 2025-01-23 11:04:11 +00:00
parent 3bda054cd5
commit d145829e98
6 changed files with 253 additions and 8 deletions


@ -0,0 +1,78 @@
{
"id": "CVE-2024-12957",
"sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"published": "2025-01-23T10:15:06.867",
"lastModified": "2025-01-23T10:15:06.867",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion.\nRefer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://www.asus.com/content/asus-product-security-advisory/",
"source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-13511",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-23T10:15:07.253",
"lastModified": "2025-01-23T10:15:07.253",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settings_init() function, which processes a reset action based on specific query parameters in the URL. The related delete_settings() function performs a faulty nonce validation check, making the reset operation insecure and susceptible to unauthorized access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/th-variation-swatches/tags/1.3.1/inc/thvs-settings.php",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3226822/th-variation-swatches/trunk/inc/thvs-settings.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6c43b9b4-4394-428a-b381-d6a776fcd130?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-13593",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-23T10:15:07.737",
"lastModified": "2025-01-23T10:15:07.737",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmlt_meeting_map' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/bmlt-meeting-map/trunk/meeting_map.php#L510",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3226454%40bmlt-meeting-map&new=3226454%40bmlt-meeting-map&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c22e5765-54bd-4677-947c-8a7c48bdf65b?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,33 @@
{
"id": "CVE-2024-53299",
"sourceIdentifier": "security@apache.org",
"published": "2025-01-23T09:15:07.033",
"lastModified": "2025-01-23T09:15:07.033",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources.\nUsers are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/gyp2ht00c62827y0379lxh5dbx3hhho5",
"source": "security@apache.org"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-01-23T09:00:32.968654+00:00
2025-01-23T11:00:45.519826+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-01-23T08:15:16.990000+00:00
2025-01-23T10:15:07.737000+00:00
```
### Last Data Feed Release
@ -33,15 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
278639
278643
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `4`
- [CVE-2024-52972](CVE-2024/CVE-2024-529xx/CVE-2024-52972.json) (`2025-01-23T07:15:08.700`)
- [CVE-2024-52975](CVE-2024/CVE-2024-529xx/CVE-2024-52975.json) (`2025-01-23T08:15:16.990`)
- [CVE-2024-12957](CVE-2024/CVE-2024-129xx/CVE-2024-12957.json) (`2025-01-23T10:15:06.867`)
- [CVE-2024-13511](CVE-2024/CVE-2024-135xx/CVE-2024-13511.json) (`2025-01-23T10:15:07.253`)
- [CVE-2024-13593](CVE-2024/CVE-2024-135xx/CVE-2024-13593.json) (`2025-01-23T10:15:07.737`)
- [CVE-2024-53299](CVE-2024/CVE-2024-532xx/CVE-2024-53299.json) (`2025-01-23T09:15:07.033`)
### CVEs modified in the last Commit


@ -245754,6 +245754,7 @@ CVE-2024-12953,0,0,118fe151e3354896266cd831d5a6eaac47e26b22f8d6d8b8b79915109dc9d
CVE-2024-12954,0,0,3d8ce9b59335959b92acb35793c66a2da6423bee4ff031623546e1feec0d28aa,2024-12-26T16:15:17.510000
CVE-2024-12955,0,0,01c00ead83fa8f9f7c160a68275906de7eedbd365dc21072a2dc6b944ca9d9cb,2024-12-26T16:15:20.320000
CVE-2024-12956,0,0,4dec445723280c9365c37949b943566ca38fb5a06bc3ebb0c2c7dccc97d497ce,2024-12-26T16:15:22.847000
CVE-2024-12957,1,1,aa289bb51b5f5b241c51a860b0d26efa04d2da34b7e66f5650b0b75f3f7a3421,2025-01-23T10:15:06.867000
CVE-2024-12958,0,0,2f2d1e34a44aceb03695717140ff583c6dfb2178e3abf88d23cee2fb77b7a1a6,2024-12-27T15:15:11.510000
CVE-2024-12959,0,0,5225592e400663837fc5548274da6cb321b7f3df19f7584dc1065af38a815bb7,2024-12-26T16:15:27.643000
CVE-2024-1296,0,0,bc7ff5b77e78e698d15576309eb7ce4c3d0e54ba3e687f3aa36d053363066caf,2025-01-16T15:27:56.237000
@ -246110,6 +246111,7 @@ CVE-2024-1350,0,0,ce11ba75737d3c0dc14aea45038ee6ef39f1db647d13879ee3f248d09a8169
CVE-2024-13502,0,0,ac2a41b6cd26a4157041ef83a41fb1ca5fe4741530d1e5a7cb1a80b922fa6ce0,2025-01-17T14:15:31.147000
CVE-2024-13503,0,0,9a18f887782bddd42cf8f60b9b9da1ba6181ce424bb49fdf69f585a65e64cdd7,2025-01-17T14:15:31.317000
CVE-2024-1351,0,0,0ee767ddd9bd942759d1902d3186de90141de07710cd1c9cc0aaf86395d89b28,2024-11-21T08:50:23.450000
CVE-2024-13511,1,1,ee31c4a9c7d71550d6c946af9bcb9a76ebd98775b07d5a10fcb060c47d8f693d,2025-01-23T10:15:07.253000
CVE-2024-13515,0,0,9c375e4239ee12fbc562375c345cfda5a849d6fb2775b7f77148bc29db2bffc1,2025-01-18T06:15:26.410000
CVE-2024-13516,0,0,eba414603b972f65f10f7cf853b9c9e3b40669e2a413f223b52ac5eaf1fb3274,2025-01-18T06:15:27.627000
CVE-2024-13517,0,0,648053532f79f5283d5e5013413aa51010bd614d2fa8ab99c641ab7d5b15d86b,2025-01-18T07:15:09.350000
@ -246126,6 +246128,7 @@ CVE-2024-1358,0,0,c4ea31b36cfcd7f75873d740d9e38ca70692f76dad02370c8ddbe488b80252
CVE-2024-13584,0,0,51a2a8790b306bf6f14abd867916b8a12305829a5bd93ce1ee2660a9c0414149,2025-01-22T04:15:06.907000
CVE-2024-1359,0,0,8114a50ae134a93430da828655ce595d1020af44415effc85b05f4f190881d3c,2024-11-21T08:50:24.543000
CVE-2024-13590,0,0,e744f6d4395f4b003bd865fd245dc1ce88f3f6497b82dad9a2ff5ecb2f4434d5,2025-01-22T04:15:07.083000
CVE-2024-13593,1,1,9e6eeaf6317d0d53a5777da60336a0df45a0567c61ee5316375bb6592e2f9ab4,2025-01-23T10:15:07.737000
CVE-2024-1360,0,0,a87675d91847a9b72ed5368695c7c67c099276d1667e5e94dc544f268946892c,2024-11-21T08:50:24.707000
CVE-2024-1361,0,0,8a11a93152fbfa05be2934d541581f2e8e8c1350c348ceb554a6a47ec08e0e2f,2025-01-15T18:39:23.493000
CVE-2024-1362,0,0,ebe61894e3dd1fecb8d4711188e9d8f7e6a2ff043508a2ee93131b033a0336dd,2025-01-15T18:40:30.490000
@ -271212,9 +271215,9 @@ CVE-2024-52963,0,0,ff01669b1598f0bce0b4b90af8cc55f96a203c8a430eccd639efb9c221ab9
CVE-2024-52967,0,0,ee495ed0ae82b5386a5a5e29b20d009f38e7fec0fdb15824df2e77e4920e6e29,2025-01-14T14:15:33.967000
CVE-2024-52969,0,0,d48edc4c533d9acd9a260c0e4d555526245a1be1476ba79e29b9502b8c79f01c,2025-01-14T14:15:34.123000
CVE-2024-5297,0,0,4e7f74d9629bbb9b864fb76b28bd5d406dd3be0c174577372182a6d0a600d934,2024-11-21T09:47:22.990000
CVE-2024-52972,1,1,7c321733bc0eb6dbde9e2cbb52d276f2124cc37045e46c00de470cd13b384da3,2025-01-23T07:15:08.700000
CVE-2024-52972,0,0,7c321733bc0eb6dbde9e2cbb52d276f2124cc37045e46c00de470cd13b384da3,2025-01-23T07:15:08.700000
CVE-2024-52973,0,0,80557c3abfe62ff99c7924275640db641adc976d538445e17950b607d9ba9ac5,2025-01-21T11:15:10.200000
CVE-2024-52975,1,1,d860756695811f7a9e54fae9d7efd286035e360bea37bbeca473a1af11dfcd09,2025-01-23T08:15:16.990000
CVE-2024-52975,0,0,d860756695811f7a9e54fae9d7efd286035e360bea37bbeca473a1af11dfcd09,2025-01-23T08:15:16.990000
CVE-2024-5298,0,0,329feabae44ccd7ff86530cac1ce0ba86c416ea44126377af7ea7290b6d65a10,2024-11-21T09:47:23.103000
CVE-2024-52982,0,0,87ddbec0fddbec6a4eb61fd0607c77d31103b1dd9283c5a13ec4d5a36a8ccef0,2024-12-18T18:22:52.637000
CVE-2024-52983,0,0,6cf30a09aaa853464d214fc07b1d213f931e08bd912522971a9cefc2fb965c45,2024-12-18T18:23:06.273000
@ -271509,6 +271512,7 @@ CVE-2024-5329,0,0,daffb0d0cde1b0a7abdef85d122cb231171a58845d7b7cc2d00de14c5f127b
CVE-2024-53290,0,0,08e0a042eea6dcb1196f79e060fe5af8f554fba59cbaa553b3654d405551bc5e,2024-12-11T08:15:06.250000
CVE-2024-53291,0,0,299274b06c39662182dee6f00f076d1e8ae9ce7179d7ff55da229649e130d512,2024-12-25T15:15:07.673000
CVE-2024-53292,0,0,67896e5cb823d0bbe120641ca2bcb7973e9580249f1b4ecda20948602273ce08,2024-12-11T08:15:06.423000
CVE-2024-53299,1,1,2b991543aa202f443ba03c7edbc594b33f44b98634e051eaae0e785128cdb037,2025-01-23T09:15:07.033000
CVE-2024-5330,0,0,d644a32144d291678dd5bb7f21b934bb851a049e1a1dcad7ed14bbc2171615fb,2024-11-21T22:46:26.800000
CVE-2024-5331,0,0,ad9f3e021008e1f906a9999a71be6645de37906a8f88b5de79caa7d877855b39,2024-11-21T23:07:26.067000
CVE-2024-5332,0,0,1bf02601401a5cfa3a271a75853b96cdcfd3e0b6b58677457c39ef4ba15b4069,2024-11-21T09:47:26.403000
