Auto-Update: 2025-03-09T15:00:19.118481+00:00

2025-05-08 03:27:17 +00:00 · 2025-03-09 15:03:49 +00:00 · 2025-03-09 15:03:49 +00:00 · f9fd16ba7c
commit f9fd16ba7c
parent 58ba740d41
4 changed files with 163 additions and 7 deletions
--- a/CVE-2025/CVE-2025-21xx/CVE-2025-2122.json
+++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2122.json
@ -0,0 +1,133 @@
+{
+  "id": "CVE-2025-2122",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-03-09T14:15:15.430",
+  "lastModified": "2025-03-09T14:15:15.430",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as problematic was found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected by this vulnerability is an unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 2.3,
+          "baseSeverity": "LOW",
+          "attackVector": "ADJACENT",
+          "attackComplexity": "HIGH",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "NONE",
+          "vulnIntegrityImpact": "NONE",
+          "vulnAvailabilityImpact": "LOW",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
+          "baseScore": 3.1,
+          "baseSeverity": "LOW",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:P",
+          "baseScore": 1.8,
+          "accessVector": "ADJACENT_NETWORK",
+          "accessComplexity": "HIGH",
+          "authentication": "NONE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "LOW",
+        "exploitabilityScore": 3.2,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-404"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/geo-chen/Thinkware-Dashcam",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.299035",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.299035",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-276xx/CVE-2025-27636.json
+++ b/CVE-2025/CVE-2025-276xx/CVE-2025-27636.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2025-27636",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2025-03-09T13:15:34.403",
+  "lastModified": "2025-03-09T13:15:34.403",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Bypass/Injection vulnerability in Apache Camel.\n\nThis issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3.\n\nUsers are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases.\n\nThe vulnerability arises due to a bug in the default filtering mechanism that only blocks headers starting with \"Camel\", \"camel\", or \"org.apache.camel.\". Attackers can bypass this filter by altering the casing of letters. This allows attackers to inject headers which can be exploited to invoke arbitrary methods from the Bean registry and also supports using Simple Expression Language (or OGNL in some cases) as part of the method parameters passed to the bean. It's important to note that only methods in the same bean declared in the bean URI could be invoked.\n\n\nMitigation:\u00a0You can easily work around this in your Camel applications by removing the\u00a0headers in your Camel routes. There are many ways of doing this, also\u00a0globally or per route. This means you could use the removeHeaders EIP, to filter out anything like \"cAmel, cAMEL\" etc, or in general everything not starting with \"Camel\", \"camel\" or \"org.apache.camel.\"."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/l3zcg3vts88bmc7w8172wkgw610y693z",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-03-09T13:00:19.269876+00:00
+2025-03-09T15:00:19.118481+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-03-09T11:15:36.647000+00:00
+2025-03-09T14:15:15.430000+00:00
 ```

 ### Last Data Feed Release
@ -33,15 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-284570
+284572
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `2`

- [CVE-2025-2120](CVE-2025/CVE-2025-21xx/CVE-2025-2120.json) (`2025-03-09T11:15:35.023`)
- [CVE-2025-2121](CVE-2025/CVE-2025-21xx/CVE-2025-2121.json) (`2025-03-09T11:15:36.647`)
+- [CVE-2025-2122](CVE-2025/CVE-2025-21xx/CVE-2025-2122.json) (`2025-03-09T14:15:15.430`)
+- [CVE-2025-27636](CVE-2025/CVE-2025-276xx/CVE-2025-27636.json) (`2025-03-09T13:15:34.403`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -281554,14 +281554,14 @@ CVE-2025-21190,0,0,8b2db67cb947998b5b47f9d8f9638f01b53bd9f51551def40a37a7298cc49
 CVE-2025-21193,0,0,f3dd779a9a437e46fb9f30ebcb1d8f684dbb5bb54fbad7b1b2971d455cbeaf6b,2025-01-27T18:42:17.480000
 CVE-2025-21194,0,0,4cbf78ebc8712bf991c571b0aba8e62887ba280acbf4ff53a1e72f262be2e98d,2025-02-11T18:15:30.820000
 CVE-2025-21198,0,0,409f66843b554eefbda1b14eaef7f0d6b61447a101bf7413282917ca002ecb4d,2025-02-28T16:02:50.353000
-CVE-2025-2120,1,1,b533d65276850c88a6f68043d3c7cc2b8e635bf5331a78cad5aab688dffba10f,2025-03-09T11:15:35.023000
+CVE-2025-2120,0,0,b533d65276850c88a6f68043d3c7cc2b8e635bf5331a78cad5aab688dffba10f,2025-03-09T11:15:35.023000
 CVE-2025-21200,0,0,ac452cf5d8fd7ee078abc4bf9e8393b61bfd7da4b4c1364b02d5f65241a430a0,2025-02-28T16:02:50.353000
 CVE-2025-21201,0,0,33cb4b63d3221b6237489bbb3ee9e268d6b471a2dc92fe795430f2b500e3c69e,2025-02-28T16:02:50.353000
 CVE-2025-21202,0,0,ec4260bee4bd33c21d930aa9c88a20abd99a3045b6128e76b4237cf160037447,2025-01-27T18:41:27.647000
 CVE-2025-21206,0,0,30db180b922f51f20ac3dc612188bb7e771e65f4b8b0475b70dd344d2e79140d,2025-02-28T16:02:50.353000
 CVE-2025-21207,0,0,101f5aedceeec8e95c7aa4d154c4fe35b53d1787f61e5e9c69598a5be6aa3415,2025-01-27T18:41:10.137000
 CVE-2025-21208,0,0,d6750a7a531b1a606c0d78d60d369b1fb895e79f9d7f1a5bd19ef4a9dbb91db7,2025-02-28T16:02:50.353000
-CVE-2025-2121,1,1,5f6e6cafc8b053796282a2422f8f4ad4175988241f629294d1d4fcda459a8172,2025-03-09T11:15:36.647000
+CVE-2025-2121,0,0,5f6e6cafc8b053796282a2422f8f4ad4175988241f629294d1d4fcda459a8172,2025-03-09T11:15:36.647000
 CVE-2025-21210,0,0,c84a831bc35a18a87ded790fe8b815dc0d44394e8c6c6597dc3d56e3ec20caba,2025-01-27T18:41:01.470000
 CVE-2025-21211,0,0,50fa81ea05a4c3005f4b83063356d13451968ba8d4fc749bb0a7fe76cb440e94,2025-01-27T18:40:51.233000
 CVE-2025-21212,0,0,c3cf3d27935b08b1f99386820b4127d20504a527c2595f60d30d4416e217289b,2025-02-28T16:02:50.353000
@ -281572,6 +281572,7 @@ CVE-2025-21216,0,0,45d1d7bd112ffc38f5b77d54190bb31c57f5b75d109c891f1f43e2ff5b3e1
 CVE-2025-21217,0,0,2a656e5f5fc07b78fa6836e5f8dacc4b8751a0a02e8cf075d2e4f1e57fc95b19,2025-01-27T18:45:20.030000
 CVE-2025-21218,0,0,d47e4e79318ebd737fa658b56f12e5fb3e30018465210b7af2b0de06c0f4fa6e,2025-01-27T18:46:14.487000
 CVE-2025-21219,0,0,424604839da721e4da825bd88d64a2416b0606f77e8b9a1190e69289c7bcf87d,2025-01-27T18:45:30.370000
+CVE-2025-2122,1,1,693427cf7568fa096eba73cae872c6c4016e2931d02b54a434b5570972dee040,2025-03-09T14:15:15.430000
 CVE-2025-21220,0,0,82564910421308f385255df4786cde1003db7381c932ced5ca5e270285456183,2025-01-27T18:45:48.310000
 CVE-2025-21223,0,0,60b46abe07e24569b5150fc60453c8604d1695be1750a046f165ca749c1035bc,2025-01-27T18:45:59.727000
 CVE-2025-21224,0,0,e06076d4b37df15b101a61c764231d733771a75106b77973898a9e88711a2e24,2025-01-27T18:46:27.673000
@ -284510,6 +284511,7 @@ CVE-2025-27622,0,0,aab424c81f70efb6c2294313600d100f64e720f683885d3b6918b7e0d0c95
 CVE-2025-27623,0,0,a7729605ea601dac947d3c9e9dda3f4cf0fc759f67e3d847999a08d4d426400f,2025-03-06T17:15:23.647000
 CVE-2025-27624,0,0,386e769fd54c9c9e387001be90fa20a8140740d08fb61eb8c2dc8cbb750364f8,2025-03-06T17:15:23.797000
 CVE-2025-27625,0,0,85889be78be476b146c5fda687cdd2b7a01a613eea674a60ada7a9651223e2d5,2025-03-06T17:15:23.960000
+CVE-2025-27636,1,1,7c694fd0627d5ecc79120319703231c3706c84daeda0a549e976d80443a935bf,2025-03-09T13:15:34.403000
 CVE-2025-27637,0,0,9c062615c8ec6a3ced4ee678ddb923b6d263f273f4e63f5f7bf9a46985accf21,2025-03-05T16:15:40.713000
 CVE-2025-27638,0,0,799c839b25e9819e4ec80c30ab7682e659f557f1c902bc7211099cb508098b42,2025-03-05T17:15:16.853000
 CVE-2025-27639,0,0,a0477d98f560583497b6432bc3e9038f2aa7b8df2110514ba2e616c075cb3f66,2025-03-05T17:15:17.027000