From f9c7108b6533a54deaaed3c2b112dfa251696490 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 18 Feb 2025 05:03:47 +0000 Subject: [PATCH] Auto-Update: 2025-02-18T05:00:19.991703+00:00 --- CVE-2024/CVE-2024-137xx/CVE-2024-13740.json | 60 +++++++++++++++++++++ CVE-2025/CVE-2025-13xx/CVE-2025-1390.json | 56 +++++++++++++++++++ README.md | 15 +++--- _state.csv | 12 +++-- 4 files changed, 129 insertions(+), 14 deletions(-) create mode 100644 CVE-2024/CVE-2024-137xx/CVE-2024-13740.json create mode 100644 CVE-2025/CVE-2025-13xx/CVE-2025-1390.json diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13740.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13740.json new file mode 100644 index 00000000000..1788b31766d --- /dev/null +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13740.json 
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-13740",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-02-18T03:15:10.273",
+ "lastModified": "2025-02-18T03:15:10.273",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read private conversations of other users."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.4.2/public/class-profile-magic-public.php#L1299",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a1b1a4-df72-4666-b116-882af4cd5796?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1390.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1390.json
new file mode 100644
index 00000000000..cb00d3cd337
--- /dev/null
+++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1390.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-1390",
+ "sourceIdentifier": "security@openanolis.org",
+ "published": "2025-02-18T03:15:10.447",
+ "lastModified": "2025-02-18T03:15:10.447",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The PAM module pam_cap.so of libcap configuration supports group names starting with \u201c@\u201d, during actual parsing, configurations not starting with \u201c@\u201d are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@openanolis.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@openanolis.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=18804",
+ "source": "security@openanolis.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 387736f34b1..fd520261299 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-18T03:00:58.505723+00:00 +2025-02-18T05:00:19.991703+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-18T02:15:13.047000+00:00 +2025-02-18T03:15:10.447000+00:00 ``` ### Last Data Feed Release @@ -33,18 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -281567 +281569 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `2` -- [CVE-2024-13741](CVE-2024/CVE-2024-137xx/CVE-2024-13741.json) (`2025-02-18T02:15:13.047`) -- [CVE-2025-25221](CVE-2025/CVE-2025-252xx/CVE-2025-25221.json) (`2025-02-18T01:15:09.070`) -- [CVE-2025-25222](CVE-2025/CVE-2025-252xx/CVE-2025-25222.json) (`2025-02-18T01:15:09.210`) -- [CVE-2025-25223](CVE-2025/CVE-2025-252xx/CVE-2025-25223.json) (`2025-02-18T01:15:09.347`) -- [CVE-2025-25224](CVE-2025/CVE-2025-252xx/CVE-2025-25224.json) (`2025-02-18T01:15:09.473`) +- [CVE-2024-13740](CVE-2024/CVE-2024-137xx/CVE-2024-13740.json) (`2025-02-18T03:15:10.273`) +- [CVE-2025-1390](CVE-2025/CVE-2025-13xx/CVE-2025-1390.json) (`2025-02-18T03:15:10.447`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 9771b9b2405..ac19c095ed5 100644 --- a/_state.csv +++ b/_state.csv 
@@ -246696,7 +246696,8 @@ CVE-2024-13732,0,0,bcdeee89cdeb266ab97f726fd75be409e85077926d11675c2a570d0f94bb9
 CVE-2024-13733,0,0,4ca526af1929c133c0fe46b638ac9c59d6820bc471060a7321cdbca576df02e1,2025-02-04T10:15:08.527000
 CVE-2024-13735,0,0,5831f6a512bd98ee3e9e0b41a189da9a28ce9d6efc5226591d1a0439e0759ef9,2025-02-14T10:15:09.207000
 CVE-2024-1374,0,0,8b967aad89e76e7b7285732fb028781ee942f5f6a3c1468dd34bb1833f269dd3,2024-11-21T08:50:26.443000
-CVE-2024-13741,1,1,175049f3021b19cf7fa751f03fe80f12100c24edbb7e3c159d12f4c96d5eb8a9,2025-02-18T02:15:13.047000
+CVE-2024-13740,1,1,ba6332fba984f0b615db8e6ca888f7060538e8c0e0b28351d9f7958c938b931d,2025-02-18T03:15:10.273000
+CVE-2024-13741,0,0,175049f3021b19cf7fa751f03fe80f12100c24edbb7e3c159d12f4c96d5eb8a9,2025-02-18T02:15:13.047000
 CVE-2024-13742,0,0,aa7b21df6f3ec325db10419962054c1a324c9ebd12e6b4ba3b8ccbdda20e9f49,2025-01-30T18:38:19.663000
 CVE-2024-13749,0,0,80f262ecaea974125eab2d55e54ea371d41d3a900599102c4f121cdbe4bfacc8,2025-02-12T04:15:09.793000
 CVE-2024-1375,0,0,be19da9eb494f4d8787330f2f78fc8aabab79724cc539fca66a358b2ab7e8ba7,2024-11-21T08:50:26.593000
@@ -279328,6 +279329,7 @@ CVE-2025-1381,0,0,8a9685f5e5b8ebad8a0ac5f23a89b6b3ba45fc062151114d3deac1372ed1f0
 CVE-2025-1387,0,0,3471c5e221fd26cc82d790d0348e17ce666394a812c51ab6ee55856ad41c6d05,2025-02-17T04:15:08.807000
 CVE-2025-1388,0,0,6166d0831a99cbb271e76281dd624232fbaf9903152209f7151545224b25416d,2025-02-17T04:15:08.960000
 CVE-2025-1389,0,0,b6f1b0c672dbbad3874206b7be5adc417f88010255a18af2ae0024e0bb3a7bd5,2025-02-17T05:15:10.317000
+CVE-2025-1390,1,1,02ff75a3058ee51af8713fa469c7bed94932b28a55e59655029e36f100f66a9a,2025-02-18T03:15:10.447000
 CVE-2025-1391,0,0,a1f2e3a8ca093b8de620c0e72b50119acca7a6fd87679168958e3acea938ff79,2025-02-17T14:15:08.413000
 CVE-2025-1392,0,0,381fc64763a47738c9a933c7e4bcfcc84ef66c73e4a81eacddf01751da768947,2025-02-17T16:15:16.120000
 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000
@@ -281398,10 +281400,10 @@ CVE-2025-25203,0,0,040b03b28fff3f91466e7eaa5a2d6143cc21f99e3d967437d45c81f30cd9c
 CVE-2025-25204,0,0,08e898f00cdd4836e5416642a3da9e96b59613851a80bcbfd14158c90e610a8f,2025-02-14T17:15:19.140000
 CVE-2025-25205,0,0,53d346539ec5bb58856ce63a9d1fdca5438e2c859c2047a9cb707ece5a8bcbe8,2025-02-12T19:15:21.717000
 CVE-2025-25206,0,0,e9846eb9edb5a629adfeda97812105c1d9509aaf2c4838d333e92f590466aefc,2025-02-14T17:15:19.327000
-CVE-2025-25221,1,1,8974eac2e7e9ae10d10e6ecea65cfa14b1a0276679b9b181745dffe07f54e52b,2025-02-18T01:15:09.070000
-CVE-2025-25222,1,1,af5e7702e07f0bbb89b99fc2eb598a55750bfc15f359404224fca9d7c1d17eaa,2025-02-18T01:15:09.210000
-CVE-2025-25223,1,1,bd6e01d096e2fbe41ad1e7a30b709f67ef8f26d80bcbc350e8d8d94c925db1e4,2025-02-18T01:15:09.347000
-CVE-2025-25224,1,1,f6ea7103489d2c148008b4b5252f4b169661463d18d39376b3abf700a4c96602,2025-02-18T01:15:09.473000
+CVE-2025-25221,0,0,8974eac2e7e9ae10d10e6ecea65cfa14b1a0276679b9b181745dffe07f54e52b,2025-02-18T01:15:09.070000
+CVE-2025-25222,0,0,af5e7702e07f0bbb89b99fc2eb598a55750bfc15f359404224fca9d7c1d17eaa,2025-02-18T01:15:09.210000
+CVE-2025-25223,0,0,bd6e01d096e2fbe41ad1e7a30b709f67ef8f26d80bcbc350e8d8d94c925db1e4,2025-02-18T01:15:09.347000
+CVE-2025-25224,0,0,f6ea7103489d2c148008b4b5252f4b169661463d18d39376b3abf700a4c96602,2025-02-18T01:15:09.473000
 CVE-2025-25241,0,0,685093741c4cbeb4c7e856690722e80ea121ecc2a87182689308551a55f65cb8,2025-02-11T06:15:24.120000
 CVE-2025-25243,0,0,899b55762ee14dd98936d3ff86efc1dbe88fe1088da4c8c1779e82f64331f15e,2025-02-11T06:15:24.330000
 CVE-2025-25246,0,0,f4be18dcc4810edd797ab4348573a1992ac7758447b43b4ac7e677cc18ccb145,2025-02-05T05:15:11.663000