Auto-Update: 2025-02-18T05:00:19.991703+00:00

2025-07-09 16:05:11 +00:00 · 2025-02-18 05:03:47 +00:00 · 2025-02-18 05:03:47 +00:00 · f9c7108b65
commit f9c7108b65
parent 8283df4bb3
4 changed files with 129 additions and 14 deletions
--- a/CVE-2024/CVE-2024-137xx/CVE-2024-13740.json
+++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13740.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-13740",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-18T03:15:10.273",
+  "lastModified": "2025-02-18T03:15:10.273",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read private conversations of other users."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-639"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.4.2/public/class-profile-magic-public.php#L1299",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a1b1a4-df72-4666-b116-882af4cd5796?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-13xx/CVE-2025-1390.json
+++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1390.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2025-1390",
+  "sourceIdentifier": "security@openanolis.org",
+  "published": "2025-02-18T03:15:10.447",
+  "lastModified": "2025-02-18T03:15:10.447",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The PAM module pam_cap.so of libcap configuration supports group names starting with \u201c@\u201d, during actual parsing, configurations not starting with \u201c@\u201d are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@openanolis.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 4.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@openanolis.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=18804",
+      "source": "security@openanolis.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-02-18T03:00:58.505723+00:00
+2025-02-18T05:00:19.991703+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-02-18T02:15:13.047000+00:00
+2025-02-18T03:15:10.447000+00:00
 ```

 ### Last Data Feed Release
@ -33,18 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-281567
+281569
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `5`
+Recently added CVEs: `2`

- [CVE-2024-13741](CVE-2024/CVE-2024-137xx/CVE-2024-13741.json) (`2025-02-18T02:15:13.047`)
- [CVE-2025-25221](CVE-2025/CVE-2025-252xx/CVE-2025-25221.json) (`2025-02-18T01:15:09.070`)
- [CVE-2025-25222](CVE-2025/CVE-2025-252xx/CVE-2025-25222.json) (`2025-02-18T01:15:09.210`)
- [CVE-2025-25223](CVE-2025/CVE-2025-252xx/CVE-2025-25223.json) (`2025-02-18T01:15:09.347`)
- [CVE-2025-25224](CVE-2025/CVE-2025-252xx/CVE-2025-25224.json) (`2025-02-18T01:15:09.473`)
+- [CVE-2024-13740](CVE-2024/CVE-2024-137xx/CVE-2024-13740.json) (`2025-02-18T03:15:10.273`)
+- [CVE-2025-1390](CVE-2025/CVE-2025-13xx/CVE-2025-1390.json) (`2025-02-18T03:15:10.447`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -246696,7 +246696,8 @@ CVE-2024-13732,0,0,bcdeee89cdeb266ab97f726fd75be409e85077926d11675c2a570d0f94bb9
 CVE-2024-13733,0,0,4ca526af1929c133c0fe46b638ac9c59d6820bc471060a7321cdbca576df02e1,2025-02-04T10:15:08.527000
 CVE-2024-13735,0,0,5831f6a512bd98ee3e9e0b41a189da9a28ce9d6efc5226591d1a0439e0759ef9,2025-02-14T10:15:09.207000
 CVE-2024-1374,0,0,8b967aad89e76e7b7285732fb028781ee942f5f6a3c1468dd34bb1833f269dd3,2024-11-21T08:50:26.443000
-CVE-2024-13741,1,1,175049f3021b19cf7fa751f03fe80f12100c24edbb7e3c159d12f4c96d5eb8a9,2025-02-18T02:15:13.047000
+CVE-2024-13740,1,1,ba6332fba984f0b615db8e6ca888f7060538e8c0e0b28351d9f7958c938b931d,2025-02-18T03:15:10.273000
+CVE-2024-13741,0,0,175049f3021b19cf7fa751f03fe80f12100c24edbb7e3c159d12f4c96d5eb8a9,2025-02-18T02:15:13.047000
 CVE-2024-13742,0,0,aa7b21df6f3ec325db10419962054c1a324c9ebd12e6b4ba3b8ccbdda20e9f49,2025-01-30T18:38:19.663000
 CVE-2024-13749,0,0,80f262ecaea974125eab2d55e54ea371d41d3a900599102c4f121cdbe4bfacc8,2025-02-12T04:15:09.793000
 CVE-2024-1375,0,0,be19da9eb494f4d8787330f2f78fc8aabab79724cc539fca66a358b2ab7e8ba7,2024-11-21T08:50:26.593000
@ -279328,6 +279329,7 @@ CVE-2025-1381,0,0,8a9685f5e5b8ebad8a0ac5f23a89b6b3ba45fc062151114d3deac1372ed1f0
 CVE-2025-1387,0,0,3471c5e221fd26cc82d790d0348e17ce666394a812c51ab6ee55856ad41c6d05,2025-02-17T04:15:08.807000
 CVE-2025-1388,0,0,6166d0831a99cbb271e76281dd624232fbaf9903152209f7151545224b25416d,2025-02-17T04:15:08.960000
 CVE-2025-1389,0,0,b6f1b0c672dbbad3874206b7be5adc417f88010255a18af2ae0024e0bb3a7bd5,2025-02-17T05:15:10.317000
+CVE-2025-1390,1,1,02ff75a3058ee51af8713fa469c7bed94932b28a55e59655029e36f100f66a9a,2025-02-18T03:15:10.447000
 CVE-2025-1391,0,0,a1f2e3a8ca093b8de620c0e72b50119acca7a6fd87679168958e3acea938ff79,2025-02-17T14:15:08.413000
 CVE-2025-1392,0,0,381fc64763a47738c9a933c7e4bcfcc84ef66c73e4a81eacddf01751da768947,2025-02-17T16:15:16.120000
 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000
@ -281398,10 +281400,10 @@ CVE-2025-25203,0,0,040b03b28fff3f91466e7eaa5a2d6143cc21f99e3d967437d45c81f30cd9c
 CVE-2025-25204,0,0,08e898f00cdd4836e5416642a3da9e96b59613851a80bcbfd14158c90e610a8f,2025-02-14T17:15:19.140000
 CVE-2025-25205,0,0,53d346539ec5bb58856ce63a9d1fdca5438e2c859c2047a9cb707ece5a8bcbe8,2025-02-12T19:15:21.717000
 CVE-2025-25206,0,0,e9846eb9edb5a629adfeda97812105c1d9509aaf2c4838d333e92f590466aefc,2025-02-14T17:15:19.327000
-CVE-2025-25221,1,1,8974eac2e7e9ae10d10e6ecea65cfa14b1a0276679b9b181745dffe07f54e52b,2025-02-18T01:15:09.070000
-CVE-2025-25222,1,1,af5e7702e07f0bbb89b99fc2eb598a55750bfc15f359404224fca9d7c1d17eaa,2025-02-18T01:15:09.210000
-CVE-2025-25223,1,1,bd6e01d096e2fbe41ad1e7a30b709f67ef8f26d80bcbc350e8d8d94c925db1e4,2025-02-18T01:15:09.347000
-CVE-2025-25224,1,1,f6ea7103489d2c148008b4b5252f4b169661463d18d39376b3abf700a4c96602,2025-02-18T01:15:09.473000
+CVE-2025-25221,0,0,8974eac2e7e9ae10d10e6ecea65cfa14b1a0276679b9b181745dffe07f54e52b,2025-02-18T01:15:09.070000
+CVE-2025-25222,0,0,af5e7702e07f0bbb89b99fc2eb598a55750bfc15f359404224fca9d7c1d17eaa,2025-02-18T01:15:09.210000
+CVE-2025-25223,0,0,bd6e01d096e2fbe41ad1e7a30b709f67ef8f26d80bcbc350e8d8d94c925db1e4,2025-02-18T01:15:09.347000
+CVE-2025-25224,0,0,f6ea7103489d2c148008b4b5252f4b169661463d18d39376b3abf700a4c96602,2025-02-18T01:15:09.473000
 CVE-2025-25241,0,0,685093741c4cbeb4c7e856690722e80ea121ecc2a87182689308551a55f65cb8,2025-02-11T06:15:24.120000
 CVE-2025-25243,0,0,899b55762ee14dd98936d3ff86efc1dbe88fe1088da4c8c1779e82f64331f15e,2025-02-11T06:15:24.330000
 CVE-2025-25246,0,0,f4be18dcc4810edd797ab4348573a1992ac7758447b43b4ac7e677cc18ccb145,2025-02-05T05:15:11.663000