Auto-Update: 2025-03-18T11:00:20.023116+00:00

cad-safe-bot · cad-safe-bot · commit 20b2e6d05b06 · 2025-03-18T11:03:50.000Z
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0755.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0755.json
@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-0755",
+  "sourceIdentifier": "cna@mongodb.com",
+  "published": "2025-03-18T09:15:11.487",
+  "lastModified": "2025-03-18T09:15:11.487",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The various bson_append\u00a0functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16"
+    },
+    {
+      "lang": "es",
+      "value": "Las diversas funciones bson_append de la librer\u00eda del controlador C de MongoDB pueden ser susceptibles a desbordamientos de b\u00fafer al realizar operaciones que podr\u00edan generar un documento BSON final que supere el tama\u00f1o m\u00e1ximo permitido (INT32_MAX), lo que provocar\u00eda un fallo de segmentaci\u00f3n y un posible bloqueo de la aplicaci\u00f3n. Este problema afectaba a las versiones de libbson anteriores a la 1.27.5, a las versiones de MongoDB Server v8.0 anteriores a la 8.0.1 y a las versiones de MongoDB Server v7.0 anteriores a la 7.0.16."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@mongodb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.4,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@mongodb.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-122"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://jira.mongodb.org/browse/SERVER-94461",
+      "source": "cna@mongodb.com"
+    }
+  ]
+}
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24306.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24306.json
@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-24306",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2025-03-18T09:15:13.570",
+  "lastModified": "2025-03-18T09:15:13.570",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker with an administrative privilege."
+    },
+    {
+      "lang": "es",
+      "value": "Existe un problema de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo ('Inyecci\u00f3n de comandos del sistema operativo') en versiones de +F FS010M anteriores a la V2.0.0_1101. Si se explota esta vulnerabilidad, un atacante remoto autenticado con privilegios administrativos podr\u00eda ejecutar un comando arbitrario del sistema operativo."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fsi-plusf.jp/news/25031701.html",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://jvn.jp/en/jp/JVN11230428/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25220.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25220.json
@@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-25220",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2025-03-18T09:15:13.750",
+  "lastModified": "2025-03-18T09:15:13.750",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker."
+    },
+    {
+      "lang": "es",
+      "value": "Existe un problema de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo ('Inyecci\u00f3n de comandos del sistema operativo') en versiones de +F FS010M anteriores a la V2.0.1_1101. Si se explota esta vulnerabilidad, un atacante remoto autenticado podr\u00eda ejecutar un comando arbitrario del sistema operativo."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fsi-plusf.jp/news/25031701.html",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://jvn.jp/en/jp/JVN11230428/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
diff --git a/README.md b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-03-18T09:00:20.355053+00:00
+2025-03-18T11:00:20.023116+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-03-18T08:15:10.200000+00:00
+2025-03-18T09:15:13.750000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,21 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-285572
+285575
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `3`
 
-- [CVE-2025-2262](CVE-2025/CVE-2025-22xx/CVE-2025-2262.json) (`2025-03-18T07:15:33.907`)
+- [CVE-2025-0755](CVE-2025/CVE-2025-07xx/CVE-2025-0755.json) (`2025-03-18T09:15:11.487`)
+- [CVE-2025-24306](CVE-2025/CVE-2025-243xx/CVE-2025-24306.json) (`2025-03-18T09:15:13.570`)
+- [CVE-2025-25220](CVE-2025/CVE-2025-252xx/CVE-2025-25220.json) (`2025-03-18T09:15:13.750`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
 
-- [CVE-2024-13176](CVE-2024/CVE-2024-131xx/CVE-2024-13176.json) (`2025-03-18T08:15:10.200`)
 
 
 ## Download and Usage
diff --git a/_state.csv b/_state.csv
@@ -247280,7 +247280,7 @@ CVE-2024-13170,0,0,64bb0fa3762d809dad101b4ba885fcca0dd1d305c82c02d70bc824e02b59a
 CVE-2024-13171,0,0,699657c265d040f82de898618a447265bb42e4c5f15629b32474eb0a58331d80,2025-01-14T18:15:28.913000
 CVE-2024-13172,0,0,4be3076bfc8edd49ff4de334b04e8f62cacb071216b0af58069e07996765e5eb,2025-01-14T18:15:29.110000
 CVE-2024-13173,0,0,2768d4d30b9929c378ae1adc2bb52bbd8a72496705430c6e9fec10944c8109a2,2025-01-08T15:15:16.577000
-CVE-2024-13176,0,1,1cf45d61c3123e29f04ede9ad254eb9e81a9c3e712b42a472e33ac8838112b90,2025-03-18T08:15:10.200000
+CVE-2024-13176,0,0,1cf45d61c3123e29f04ede9ad254eb9e81a9c3e712b42a472e33ac8838112b90,2025-03-18T08:15:10.200000
 CVE-2024-13179,0,0,9d2a982b824c67bbacd2e3f4856194d80faa53a9ffb503fdbd054d373079f25f,2025-01-16T21:01:38.177000
 CVE-2024-1318,0,0,8468ceebf6c6c9f41014d2f5941b790bd61167061813191d7b8edcc4ba43bbca,2024-12-31T16:56:50.763000
 CVE-2024-13180,0,0,d8eed302f18bf4ce52a1f3c3aecacb18daed8ee47876692255a4c4adf22e5203,2025-01-16T21:01:52.650000
@@ -280874,6 +280874,7 @@ CVE-2025-0751,0,0,0efa0957e87c78d91feee9c5b60c767ad1a73d0975464bcb9c8ba1b6cbbc82
 CVE-2025-0752,0,0,de749aab58e2326cecf2e69cd47cb06af87bcedce5e0f5e8b795ca284455a6c7,2025-01-28T10:15:09.493000
 CVE-2025-0753,0,0,c31e8dbd9d781b37db4d790b1206c27db098e661945670b7848cba0c8afd301c,2025-02-28T22:22:35.957000
 CVE-2025-0754,0,0,01e22cbc27c23b2a20fc22b4b38925f42f70aba0e3cf26d239fd3f71faae49ca,2025-01-28T10:15:09.697000
+CVE-2025-0755,1,1,abe26ec0613fa377381f3b0e74566639f114d829d4b60073e8edd6c44f488c57,2025-03-18T09:15:11.487000
 CVE-2025-0759,0,0,09d991e76c287398c2be16cd3769fbff0d891df9fa18a6f52ed6c200cb01eaf9,2025-02-27T15:15:40.603000
 CVE-2025-0760,0,0,00193022d9afa63eab6ac5d740a3221452c3267e0ba03667c14e8712364e5b04,2025-02-26T00:15:10.890000
 CVE-2025-0762,0,0,e4f54e0a8112ca4bbd93833150136d658b70b741ccb351b92cec93e89ce75210,2025-01-29T15:15:17.687000
@@ -282863,7 +282864,7 @@ CVE-2025-22616,0,0,c9f9c24f7d3c8173c14aec457806c910ef1d27e3e076f66de2a43b1c6e40e
 CVE-2025-22617,0,0,ff20e759a6d5d0c79258c933e905a90cd4ce72b81cc3918981feacf6242aae8d,2025-02-13T18:56:17.963000
 CVE-2025-22618,0,0,fa7ec4913e1647da5b34028a0a8d42e298d05dcecd50c06603686c2973bc4398,2025-02-13T18:55:50.413000
 CVE-2025-22619,0,0,d515e7076865e4f01be05b309607c7d226293e7a0f8bc68ef1e74f170971f370,2025-02-13T19:44:19.580000
-CVE-2025-2262,1,1,8570a40dd0aac6b9a2f281bfab0f5e353625a664119cb6759d7c92e6f01cced8,2025-03-18T07:15:33.907000
+CVE-2025-2262,0,0,8570a40dd0aac6b9a2f281bfab0f5e353625a664119cb6759d7c92e6f01cced8,2025-03-18T07:15:33.907000
 CVE-2025-22620,0,0,428c7806e74732326369c718351571848c196156b9eb9eb7ffe99ba9002a1b52,2025-01-20T16:15:28.017000
 CVE-2025-22621,0,0,6ff4aa50f3e07d892cb8ed858e238d42c832836da0723e6a77be4111c28ff27e,2025-01-15T17:15:20.810000
 CVE-2025-22622,0,0,0a67f003bf728be4e0886c35c47488ba14ce354a6aa44e3a32da5ad98803d9bf,2025-02-19T04:15:10.550000
@@ -283969,6 +283970,7 @@ CVE-2025-2420,0,0,6cf9e237f7a2ee37abcfa838f9567dea6ed7f9da1ca13895b8ccedcfac01f7
 CVE-2025-24200,0,0,0f6f41d17b1c80c9261ddc7d6ef23ac7e19cbdbd2c08a07eed9362b293d75967,2025-03-07T17:12:01.477000
 CVE-2025-24201,0,0,ce749944f29eb7a58a39f521ebc27f910b93ce1f347524410204067e6a960180,2025-03-14T20:35:27.923000
 CVE-2025-24301,0,0,7b7c3fba06b103a537ce7db06429d9d2300d69047940e33831c6830c359206c5,2025-03-04T17:15:48.160000
+CVE-2025-24306,1,1,e210195f360c27240f00fdb72863ab45cdcc5e9e27f3265f94696064f329bbdb,2025-03-18T09:15:13.570000
 CVE-2025-24309,0,0,b881e80e18a543dac7caf5dbe4ebf8345a69e13fed09525eee5962b72198dbe3,2025-03-04T17:16:06.513000
 CVE-2025-24312,0,0,95c47bb536b453078b50948ffe457339fcccb14868a3af4b230325aee112d79c,2025-02-05T18:15:34.060000
 CVE-2025-24316,0,0,3d67fc5ca9257bdefdc420f872260ce49c49fc7bc45018e469adac707c1de56f,2025-02-28T17:15:16.790000
@@ -284548,6 +284550,7 @@ CVE-2025-25203,0,0,040b03b28fff3f91466e7eaa5a2d6143cc21f99e3d967437d45c81f30cd9c
 CVE-2025-25204,0,0,119932f98cc8b58871d029f6ccd9a89a806462d1c2b6c06ee7f6d1cb510c31af,2025-02-14T17:15:19.140000
 CVE-2025-25205,0,0,53d346539ec5bb58856ce63a9d1fdca5438e2c859c2047a9cb707ece5a8bcbe8,2025-02-12T19:15:21.717000
 CVE-2025-25206,0,0,9f668b067e3e448579721524d9498db32e90e7d300d6cfeef5961eac800c1c31,2025-02-14T17:15:19.327000
+CVE-2025-25220,1,1,edd6d9898ecbcd19a5b5ef9ffc8e4928a41f2b93f292dd1e13dec7a02aa5027c,2025-03-18T09:15:13.750000
 CVE-2025-25221,0,0,da7f39219236daa10c6a9a322f77562859face44f96d9c55ab9ddbe74ace6d9f,2025-02-18T01:15:09.070000
 CVE-2025-25222,0,0,c2ca7e3dc29f3574e03139c7399b4994d988797dae7ad6db23b85350baa3dcf1,2025-02-18T01:15:09.210000
 CVE-2025-25223,0,0,a49bb693ef5024209af2cdf099d01934d199df8e6379e744ca5e733fcd788f54,2025-02-18T01:15:09.347000
