From 058152a54627b03f1f6320bb6c7e804b8670e048 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 10 Mar 2025 05:03:49 +0000
Subject: [PATCH] Auto-Update: 2025-03-10T05:00:19.788317+00:00
---
 CVE-2024/CVE-2024-417xx/CVE-2024-41724.json | 56 +++++++++++++++++++++
 CVE-2024/CVE-2024-431xx/CVE-2024-43107.json | 56 +++++++++++++++++++++
 README.md | 18 +++----
 _state.csv | 10 ++--
 4 files changed, 126 insertions(+), 14 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-417xx/CVE-2024-41724.json
 create mode 100644 CVE-2024/CVE-2024-431xx/CVE-2024-43107.json
diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41724.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41724.json
new file mode 100644
index 00000000000..dbbf032c1d2
--- /dev/null
+++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41724.json
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-41724", + "sourceIdentifier": "disclosures@gallagher.com", + "published": "2025-03-10T03:15:26.413", + "lastModified": "2025-03-10T03:15:26.413", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. \n\n\n\n\nThis issue affects all versions of Gallagher Command Centre prior to 9.20.1043." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "disclosures@gallagher.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "disclosures@gallagher.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-41724", + "source": "disclosures@gallagher.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-431xx/CVE-2024-43107.json b/CVE-2024/CVE-2024-431xx/CVE-2024-43107.json new file mode 100644 index 00000000000..0b84c6ea81f --- /dev/null +++ b/CVE-2024/CVE-2024-431xx/CVE-2024-43107.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-43107", + "sourceIdentifier": "disclosures@gallagher.com", + "published": "2025-03-10T03:15:26.750", + "lastModified": "2025-03-10T03:15:26.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.\nThis issue effects Gallagher MIPS Plugin\u00a0v4.0 prior to v4.0.32, all versions of v3.0 and prior." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "disclosures@gallagher.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "disclosures@gallagher.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107", + "source": "disclosures@gallagher.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 349c87bdc5a..2c8b8a80976 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-10T00:55:19.974363+00:00 +2025-03-10T05:00:19.788317+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-10T00:15:11.040000+00:00 +2025-03-10T03:15:26.750000+00:00 ``` ### Last Data Feed Release 
@@ -27,29 +27,27 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2025-03-09T01:00:04.357788+00:00 +2025-03-10T01:00:10.093749+00:00 ``` ### Total Number of included CVEs ```plain -284584 +284586 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2025-2131](CVE-2025/CVE-2025-21xx/CVE-2025-2131.json) (`2025-03-09T23:15:34.397`) -- [CVE-2025-2132](CVE-2025/CVE-2025-21xx/CVE-2025-2132.json) (`2025-03-09T23:15:34.580`) -- [CVE-2025-2133](CVE-2025/CVE-2025-21xx/CVE-2025-2133.json) (`2025-03-10T00:15:11.040`) +- [CVE-2024-41724](CVE-2024/CVE-2024-417xx/CVE-2024-41724.json) (`2025-03-10T03:15:26.413`) +- [CVE-2024-43107](CVE-2024/CVE-2024-431xx/CVE-2024-43107.json) (`2025-03-10T03:15:26.750`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2025-27840](CVE-2025/CVE-2025-278xx/CVE-2025-27840.json) (`2025-03-10T00:15:10.887`) ## Download and Usage diff --git a/_state.csv b/_state.csv index d8e40f9557c..40568447fbf 100644 --- a/_state.csv +++ b/_state.csv 
@@ -265152,6 +265152,7 @@ CVE-2024-41720,0,0,bf5caaca1d1c0f9c7639ac2e1a39cd9b2520bfe388b5fa56d6221ad980dba CVE-2024-41721,0,0,7f76b2819dc96136f1439ee00033d6c65dd7e088f9d1945c138673cd979cf120,2024-11-21T09:33:03.463000 CVE-2024-41722,0,0,3545357ca4cf0733ba3a03ead3658e160a6402ae8d95909ac1278d94b7906585,2024-10-17T17:15:11.667000 CVE-2024-41723,0,0,d9b662665d6689abd8fad15aad73e5cccc07ff290e5d3363e7616d9cd67dea5f,2024-08-20T19:26:24.033000 +CVE-2024-41724,1,1,d1c99ae1e32cc7e05eabc5a9e7716a4da80bcb079c939f868e6a36e07aa75a54,2025-03-10T03:15:26.413000 CVE-2024-41725,0,0,22730b96c52ac656b3629e583fbd4eff8680f06218cdfc247d9daaa25af29f18,2024-09-30T19:55:49.267000 CVE-2024-41726,0,0,1634589ac3ac4ec4129067b4ba8087d1381f27ca1092297eaee5f918681fec2f,2024-11-21T09:33:03.933000 CVE-2024-41727,0,0,2a9ac21ada02bd8c51a7f31c03f4791d147a723aaaec3e3fd9c0454ee54c14af,2024-08-20T19:25:12.490000 @@ -266223,6 +266224,7 @@ CVE-2024-4310,0,0,dd5cf151edf7d2cd055572eb00e97620ec8e8024a5783f50f0a1b0ae59db4b CVE-2024-43102,0,0,b6aa6225bd8ed19c424a914e97c361ac2900c128d3e8c90742dfa8fa3a85a13f,2024-11-21T09:35:00.713000 CVE-2024-43105,0,0,e347f7b09a6bd72c4cce9575828cf84dd0078060fb85e7c631ae4a4f65e5a4e2,2024-08-23T16:18:28.547000 CVE-2024-43106,0,0,e3c8c338effb078ab073dae4e3b62f1cd076ce9d2249064b9c8efa466fd26d13,2024-12-19T17:15:09.350000 +CVE-2024-43107,1,1,059d7076ab810bc8a36ffd0e2e6d66850d8a9d76e1d9da3211cd08d0c3735a50,2025-03-10T03:15:26.750000 CVE-2024-43108,0,0,5e287d64c49b83289e98ec106ef0b469b4085c0a0512abb918ff03d24d77772e,2024-10-17T17:15:11.883000 CVE-2024-4311,0,0,76e51b82bcf102c4a7a18c5b03d4ba2a6e78929354b4c7d54c7e39e256fd7ef3,2024-11-18T16:35:13.737000 CVE-2024-43110,0,0,51650deb7aee7ab0cf914391f943f7fe2c91b657e3cdae3cff1f5f569194dcba,2024-09-05T21:22:04.810000 
@@ -281666,7 +281668,7 @@ CVE-2025-21306,0,0,a5980f16986cd05817009101db3b8097f73ce95412d4f6db763b337e9b2d1 CVE-2025-21307,0,0,4192b953ab526f2ac4ff4c12b1402adf53d17b59746deef75b531430fa63ac5c,2025-01-24T21:50:26.067000 CVE-2025-21308,0,0,909217a6a1c1f95333fde5981d5fdb4dc23fd6775d10a82623bd8e5b4fca1494,2025-01-24T21:50:33.863000 CVE-2025-21309,0,0,43e88773ce79d3ac8425da5b30cafca156a5dbb4eddf0e3167581fbdb45e5962,2025-01-24T21:50:46.247000 -CVE-2025-2131,1,1,8da6b14326f0c47e3efad17cfceafc7fc8555aa4fd9f0ea639441c2b1b51dc15,2025-03-09T23:15:34.397000 +CVE-2025-2131,0,0,8da6b14326f0c47e3efad17cfceafc7fc8555aa4fd9f0ea639441c2b1b51dc15,2025-03-09T23:15:34.397000 CVE-2025-21310,0,0,a9ab4e2abad602d917230791100a5f53563744121cc9fca2a557e2d4c8e9c318,2025-01-24T21:50:53.527000 CVE-2025-21311,0,0,c1918edd35606730332735ebee7fb7970341bc3e23003b52c67502e783c288e5,2025-01-24T21:51:02.927000 CVE-2025-21312,0,0,bba0d23f474dffd98b4cd7da31b507271812e82a4cd9b739b70e247e32805b5b,2025-01-24T21:51:19.847000 @@ -281677,7 +281679,7 @@ CVE-2025-21316,0,0,cf5297010fcd1e6abe40200bcffb2278e9468c9e8e779efac63672692b5b2 CVE-2025-21317,0,0,dfd2f81a09d58069370c35ee23ba3a01510242fbe9c842798837dfa653c18d80,2025-01-22T14:42:50.910000 CVE-2025-21318,0,0,5ff3710adc6b941daeb26737ee7866486d9c863941517d982a3a97a2f07863f5,2025-01-22T14:43:57.630000 CVE-2025-21319,0,0,f438a23881d0da34e77dbbeb756804186ca74b144b3c3080f26cf29fa51052e5,2025-01-22T14:44:50.860000 -CVE-2025-2132,1,1,a63b62ae863dcb3690e81ccc7fd39a55c07664f6b2ef73f13a4f8b87885cded6,2025-03-09T23:15:34.580000 +CVE-2025-2132,0,0,a63b62ae863dcb3690e81ccc7fd39a55c07664f6b2ef73f13a4f8b87885cded6,2025-03-09T23:15:34.580000 CVE-2025-21320,0,0,2bf5b9d6da8e13f0983ed08dc9cf0a61539e484ef9e6c51d78636785e0ee89e5,2025-01-22T14:45:53.317000 CVE-2025-21321,0,0,d4d04e43c9c7fb6525f2965fa6daa0b0763cac5e81f6f3f0f13b65d580f7df1d,2025-01-22T14:46:12.787000 CVE-2025-21322,0,0,a36700e623b7042775efcb047c6ac1b4f686ce001f46283148f214e3a99ff95a,2025-02-28T16:02:50.353000 
@@ -281688,7 +281690,7 @@ CVE-2025-21326,0,0,a5e6f1ef9b9a2944d2bea648da839845d2d7762f68463063bd25e92cfb364 CVE-2025-21327,0,0,6bd622b4cb196ab3d63971ece1faaac22132cd2a79e6a25e00781b3735394834,2025-01-22T14:59:37.587000 CVE-2025-21328,0,0,c55b285a694d6e2b58155292638f31c2f5766a335ddfa572448875697271530a,2025-01-22T14:59:12.047000 CVE-2025-21329,0,0,981c92b2418e9fc608fe5f0e4736606b39274ac7e94c0f92045bfd4fcbd70b2c,2025-01-22T15:02:32.270000 -CVE-2025-2133,1,1,59b27619dc2fb33ef6f197b87df0ac7b90cd565859d96c880b4016b912eb182e,2025-03-10T00:15:11.040000 +CVE-2025-2133,0,0,59b27619dc2fb33ef6f197b87df0ac7b90cd565859d96c880b4016b912eb182e,2025-03-10T00:15:11.040000 CVE-2025-21330,0,0,630a00257c77e08d68c8ee0fddc53011d52b9c8247b0bd6fa5d0f2ffb1bc0037,2025-01-21T20:04:19.400000 CVE-2025-21331,0,0,ccad9675417e0dde69b86789c97697f2c4d8ee1cd0a2974500669089590e694d,2025-01-21T19:58:20.833000 CVE-2025-21332,0,0,edf859babd061219cc1cce3d52c09e668a5e0f31058bfea0e2ae4470ea2b16a4,2025-01-21T19:57:17.993000 @@ -284582,4 +284584,4 @@ CVE-2025-27824,0,0,bbbadd94bca912d17091ba5687790372eed06151266f5eb5403da18d55309 CVE-2025-27825,0,0,99e9b9d3befd54cbb55880416607fbc7e5d90c9fee9cdc2881cb2480979fee41,2025-03-07T22:15:38.380000 CVE-2025-27826,0,0,83fe28f5c1c38336a328c924367a016f575cf3bedee9c6070949943b515ded3d,2025-03-07T22:15:38.527000 CVE-2025-27839,0,0,212b3d30d2c1f53f372c7e143c6e03922deeb9da14f018db14d5749815db8000,2025-03-08T00:15:38.340000 -CVE-2025-27840,0,1,aad9d54dca67464bf586fdcb154cffce0017d09cb4ae5a57fccd03de62a08218,2025-03-10T00:15:10.887000 +CVE-2025-27840,0,0,aad9d54dca67464bf586fdcb154cffce0017d09cb4ae5a57fccd03de62a08218,2025-03-10T00:15:10.887000