Auto-Update: 2025-01-09T09:00:22.531137+00:00

cad-safe-bot 2025-01-09 09:03:47 +00:00
parent 729b657def
commit 08a1f0a615
39 changed files with 2915 additions and 45 deletions


@ -0,0 +1,44 @@
{
"id": "CVE-2023-1907",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-01-09T08:15:24.477",
"lastModified": "2025-01-09T08:15:24.477",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218384",
"source": "secalert@redhat.com"
}
]
}


@ -0,0 +1,33 @@
{
"id": "CVE-2024-12803",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2025-01-09T08:15:26.007",
"lastModified": "2025-01-09T08:15:26.007",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution."
}
],
"metrics": {},
"weaknesses": [
{
"source": "PSIRT@sonicwall.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004",
"source": "PSIRT@sonicwall.com"
}
]
}
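Review bot: `"metrics": {}` leaves this record with no CVSS vector or score, even though the description reports a post-authentication stack-based overflow with possible code execution on a firewall. The same empty object appears in CVE-2024-12805, CVE-2024-12806, CVE-2024-40762 and CVE-2024-40765 in this commit. While `vulnStatus` is still `Received`, a consumer that filters or sorts on `baseScore` will drop or under-rank these entries. Triage should treat the missing score as "unscored", not as low severity, and fall back to the vendor advisory in `references` and the CWE in `weaknesses`.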


@ -0,0 +1,33 @@
{
"id": "CVE-2024-12805",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2025-01-09T08:15:26.247",
"lastModified": "2025-01-09T08:15:26.247",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution."
}
],
"metrics": {},
"weaknesses": [
{
"source": "PSIRT@sonicwall.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-134"
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004",
"source": "PSIRT@sonicwall.com"
}
]
}


@ -0,0 +1,33 @@
{
"id": "CVE-2024-12806",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2025-01-09T08:15:26.417",
"lastModified": "2025-01-09T08:15:26.417",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file."
}
],
"metrics": {},
"weaknesses": [
{
"source": "PSIRT@sonicwall.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-37"
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004",
"source": "PSIRT@sonicwall.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-13041",
"sourceIdentifier": "cve@gitlab.com",
"published": "2025-01-09T07:15:26.497",
"lastModified": "2025-01-09T07:15:26.497",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-286"
}
]
}
],
"references": [
{
"url": "https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#instance-saml-does-not-respect-external_provider-configuration",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/479165",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,33 @@
{
"id": "CVE-2024-40762",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2025-01-09T07:15:26.730",
"lastModified": "2025-01-09T07:15:26.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass."
}
],
"metrics": {},
"weaknesses": [
{
"source": "PSIRT@sonicwall.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-338"
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003",
"source": "PSIRT@sonicwall.com"
}
]
}


@ -0,0 +1,33 @@
{
"id": "CVE-2024-40765",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2025-01-09T08:15:26.797",
"lastModified": "2025-01-09T08:15:26.797",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload."
}
],
"metrics": {},
"weaknesses": [
{
"source": "PSIRT@sonicwall.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0013",
"source": "PSIRT@sonicwall.com"
}
]
}


@ -0,0 +1,90 @@
{
"id": "CVE-2024-43648",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:26.980",
"lastModified": "2025-01-09T08:15:26.980",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Command injection in the <redacted> parameter of a <redacted>.exe request leads to remote code execution as the root user.\n\nThis issue affects Iocharger firmware for AC models before version 24120701.\n\nLikelihood: Moderate \u2013 This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all <redacted> fields. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a payload.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.\n\nCVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). If is a full system compromise, potentially fully compromising confidentiality, integrity and availability of the devicer (VC:H/VI:H/VA:H).\u00a0 A compromised charger can be used to \"pivot\" onto networks that should otherwise be closed, cause a low confidentiality and interity impact on subsequent systems. (SC:L/SI:L/SA:H).\u00a0Because this device is an EV charger handing significant amounts of power, we suspect this vulnerability can have a safety impact (S:P). The attack can be automated (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "PRESENT",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43648/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}


@ -0,0 +1,90 @@
{
"id": "CVE-2024-43649",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:27.233",
"lastModified": "2025-01-09T08:15:27.233",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user.\n\nThis issue affects Iocharger firmware for AC models before version 24120701.\n\nLikelihood: Moderate \u2013 This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all <redacted> fields. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a payload.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.\n\nCVSS clarification:\u00a0This attack can be performed over any network conenction serving the web interfacr (AV:N), and there are not additional mitigating measures that need to be circumvented (AC:L) or other prerequisites (AT:N). The attack does require privileges, but the level does not matter (PR:L), there is no user interaction required (UI:N). The attack leeds to a full compromised of the charger (VC:H/VI:H/VA:H) and a compromised charger can be used to \"pivot\" to networks that should normally not be reachable (SC:L/SI:L/SA:H). Because this is an EV chargers with significant pwoer, there is a potential safety imp0act (S:P). THis attack can be automated (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "PRESENT",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43649/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}


@ -0,0 +1,90 @@
{
"id": "CVE-2024-43650",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:27.417",
"lastModified": "2025-01-09T08:15:27.417",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root\n\nThis issue affects\u00a0 firmware versions before 24120701.\n\nLikelihood: Moderate \u2013 The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete\nfiles and services.\n\nCVSS clarification: The attack can be executed over any network connection serving the web interface (AV:N). There are no additional measures that need to be circumvented (AC:L) or attack preconditions (AT:N). THe attack is privileged, but the level does not matter (PR:L) and does not require user interaction (UI:N). Attack leads to full system compromised (VC:H/VI:H/VA:H) and compromised devices can be used to \"pivot\" to other networks that should be unreachable (SC:L/SI:L/SA:H). Because this an EV charger using high power, there is a potential safety impact (S:P). The attack can be automated (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "PRESENT",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43650/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}


@ -0,0 +1,90 @@
{
"id": "CVE-2024-43651",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:27.590",
"lastModified": "2025-01-09T08:15:27.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root\nThis issue affects Iocharger firmware for AC models before version 241207101\n\nLikelihood: Moderate \u2013 The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services.\n\nCVSS clarification:\u00a0Any network connection serving the web interface is vulnerable (AV:N) and there are no additional measures to circumvent (AC:L) nor does the attack require special conditions to be present (AT:N). The attack requires authentication, but the level does not matter (PR:L), nor is user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H) and a compromised device can be used to potentially \"pivot\" into a network that should nopt be reachable (SC:L/SI:L/SA:H). Because this is an EV charger handing significant power, there is a potential safety impact (S:P). THe attack can be autometed (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "PRESENT",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43651/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}
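Review bot: The version bound in the description, `before version 241207101`, has nine digits, while the sibling Iocharger records in this commit (CVE-2024-43648 to CVE-2024-43650, CVE-2024-43652, CVE-2024-43653) give `24120701`; this is probably a typo in the CNA text. The visible record has no machine-readable version range, so anyone matching firmware builds against this string would get the wrong bound. Check it against the DIVD advisory listed in `references` and, if confirmed, have the source corrected to `before version 24120701` rather than patching the mirrored file by hand.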


@ -0,0 +1,90 @@
{
"id": "CVE-2024-43652",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:27.757",
"lastModified": "2025-01-09T08:15:27.757",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root\nThis issue affects Iocharger firmware for AC model chargers before version 24120701\n\nLikelihood: Moderate \u2013 The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete\nfiles and services."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "PRESENT",
"automatable": "YES",
"recovery": "USER",
"valueDensity": "DIFFUSE",
"vulnerabilityResponseEffort": "MODERATE",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43652/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}


@ -0,0 +1,90 @@
{
"id": "CVE-2024-43653",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:27.950",
"lastModified": "2025-01-09T08:15:27.950",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability\u00a0 allows OS Command Injection as root\nThis issue affects Iocharger firmware for AC model chargers before version 24120701.\n\nLikelihood: Moderate \u2013 The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete\nfiles and services.\n\nCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "PRESENT",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43653/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}


@ -0,0 +1,90 @@
{
"id": "CVE-2024-43654",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:28.127",
"lastModified": "2025-01-09T08:15:28.127",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root\nThis issue affects all Iocharger AC EV charger models on a firmware version before 25010801.\n\nLikelihood: Moderate \u2013 The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete\nfiles and services.\n\nCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "PRESENT",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43654/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}


@ -0,0 +1,90 @@
{
"id": "CVE-2024-43655",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:28.300",
"lastModified": "2025-01-09T08:15:28.300",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root\n\nThis issue affects Iocharger firmware for AC model chargers before version 24120701.\n\nLikelihood: Moderate \u2013 The attacker will first need to find the name of the script, and needs a (low privilege) account to gain access to the script, or convince a user with such access to execute a request to it.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and deletefiles and services.\n\nCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "PRESENT",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43655/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}


@ -0,0 +1,90 @@
{
"id": "CVE-2024-43656",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:28.487",
"lastModified": "2025-01-09T08:15:28.487",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root\n\nThis issue affects Iocharger firmware for AC model chargers before version 24120701.\n\nLikelihood: Moderate \u2013 It might be difficult for an attacker to identify the file structure of the <redated> directory, and then modify the backup to add a new CGI script in the correct directory. Furthermore, the attacker will need an account to restore the settings backup, or convince a user with such access to upload a modified backup file.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and deletefiles and services.\n\nCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "PRESENT",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43656/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}


@ -0,0 +1,90 @@
{
"id": "CVE-2024-43657",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:28.680",
"lastModified": "2025-01-09T08:15:28.680",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root\n\nThis issue affects Iocharger firmware for AC model chargers before version 24120701.\n\nLikelihood: High. However, the attacker will need a (low privilege) account to gain access to the action.exe CGI binary and upload the crafted firmware file, or convince a user with such access to upload it.\n\nImpact: Critical \u2013 The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and deletefiles and services.\n\nCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "PRESENT",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43657/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}


@ -0,0 +1,90 @@
{
"id": "CVE-2024-43658",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:28.867",
"lastModified": "2025-01-09T08:15:28.867",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Patch traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files\nThis issue affects Iocharger firmware for AC model before firmware version 25010801.\n\nLikelihood: High, but requires authentication\n\nImpact: Critical \u2013 The vulnerability can be used to delete any file on the charging station, severely impacting the integrity of the charging station. Furthermore, the vulnerability could be used to delete binaries required for the functioning of the charging station, severely impacting the availability of the charging station.\n\nCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads compromised of the integrity and availability of the device (VVC:N/VI:H/VA:H), with no effect on subsequent systems (SC:N/SI:N/SA:N). We do not forsee a safety impact (S:N). This attack can be automated (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:X/U:X",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NEGLIGIBLE",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-27"
},
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43658/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}
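Review bot: The description value opens with "Patch traversal" and later writes the vector fragment as `VVC:N/VI:H/VA:H`, while the weaknesses array lists CWE-27 and CWE-73 and the vectorString carries `VC:N`; both look like typos for `Path traversal` and `VC:N`. Triage that keyword-searches descriptions for "path traversal" will miss this record, so matching is safer on the CWE values. The text presumably mirrors the CNA's submission, so the correction belongs upstream rather than in this file.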


@ -0,0 +1,94 @@
{
"id": "CVE-2024-43659",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:29.060",
"lastModified": "2025-01-09T08:15:29.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After gaining access to the firmware of a charging station, a file at <redacted> can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers.\n\nThis issue affects Iocharger firmware for AC models before firmware version 25010801. \n\nThe issue is addressed by requiring a mandatory password change on first login, it is still recommended to change the password on older models.\n\nLikelihood: Moderate \u2013 The attacker will first have to abuse a code execution or file inclusion vulnerability (for example by using <redacted>.sh) to gain access to the <redacted>.json file, or obtain a firmware dump of the charging station or obtain the firmware via other channels.\n\nImpact: Critical \u2013 All chargers using Iocharger firmware for AC models started with the same initial password. For models with firmware version before 25010801 a password change was not mandatory. It is therefore very likely that this firmware password is still active on many chargers. These credentials could, once obtained, allow an attacker to log into many Iocharger charging station, and allow them to execute arbitrary commands via the System \u2192 Custom page.\n\nCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, and requires high privileges (PR:H), there is no user interaction required (UI:N). The attack leads to a compromised of the confidentialy of the \"super user\" credentials of the device (VC:H/VI:N/VA:N), and can subsequently be used to full compromise and other devices (SC:H/SI:H/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:X/RE:X/U:X",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "PRESENT",
"automatable": "NO",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-256"
},
{
"lang": "en",
"value": "CWE-1391"
},
{
"lang": "en",
"value": "CWE-1393"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43659/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}
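Review bot: The prose and the structured metrics in this record disagree on two values. The description's CVSS clarification argues for `AV:N` and says the attack "can be automated (AU:Y)", but cvssData records `"attackVector": "LOCAL"` and `"automatable": "NO"`, with `AV:L` and `AU:N` in the vectorString. Tooling that filters on attackVector will treat this shared-default-credential issue as local-only, although the text describes the credentials being used to log in over the web UI. One side needs correcting at the source, either the two fields (with the baseScore recomputed) or the clarification paragraph. Until then the record is better prioritised from the description and the CWE-1391/CWE-1393 entries than from the vector alone.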


@ -0,0 +1,86 @@
{
"id": "CVE-2024-43660",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:29.267",
"lastModified": "2025-01-09T08:15:29.267",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CGI script <redacted>.sh can be used to download any file on the filesystem.\n\nThis issue affects Iocharger firmware for AC model chargers beforeversion 24120701.\n\nLikelihood: High, but credentials required.\n\nImpact: Critical \u2013 The script can be used to download any file on the filesystem, including sensitive files such as /etc/shadow, the CGI script source code or binaries and configuration files.\n\nCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y\nCVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The confidentiality of all files of the devicd can be compromised (VC:H/VI:N/VA:N). There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handing significant amounts of power, this attack in isolation does not have a safety impact. The attack can be automated (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43660/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}
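Review bot: The description embeds its own vector ending in `S:P/AU:Y`, yet its clarification says the attack "in isolation does not have a safety impact" and cvssData has `S:X` with `"safety": "NOT_DEFINED"`. The structured fields agree with the prose, so the `S:P` in the inline vector looks like a leftover; a consistent inline form would end `.../SC:N/SI:N/SA:N/AU:Y`. Consumers that parse a vector out of free text would pick up a safety flag the scorer did not intend. The same value also reads "beforeversion 24120701" without a space, which can defeat version extraction by pattern.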


@ -0,0 +1,86 @@
{
"id": "CVE-2024-43661",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:29.450",
"lastModified": "2025-01-09T08:15:29.450",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The <redacted>.so library, which is used by <redacted>, is\nvulnerable to a buffer overflow in the code that handles the deletion\nof certificates. This buffer overflow can be triggered by providing a\nlong file path to the <redacted> action of the <redacted>.exe CGI binary or\nto the <redacted>.sh CGI script. This binary or script will write this\nfile path to <redacted>, which is then\nread by <redacted>.so\n\n\nThis issue affects Iocharger firmware for AC models before version 24120701.\n\nLikelihood: Moderate \u2013 An attacker will have to find this exploit by\neither obtaining the binaries involved in this vulnerability, or by trial\nand error. Furthermore, the attacker will need a (low privilege)\naccount to gain access to the <redacted>.exe CGI binary or <redacted>.sh\nscript to trigger the vulnerability, or convince a user with such access\nsend an HTTP request that triggers it.\n\n\nImpact: High \u2013 The <redacted> process, which we assume is\nresponsible for OCPP communication, will keep crashing after\nperforming the exploit. This happens because the buffer overflow\ncauses the process to segfault before\n<redacted> is removed. This means that,\neven though <redacted> is automatically restarted, it will crash\nagain as soon as it tries to parse the text file.\n\nCVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack leads to reducred availability of the device (VC:N/VI:N/VA:H). THere is not impact on subsequent systems. (SC:N/SI:N/SA:N). Alltough this device is an EV charger handing significant amounts of power, we do not forsee a safety impact. 
The attack can be automated (AU:Y). Because the DoS condition is written to disk persistantly, it cannot be recovered by the user (R:I)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:X/RE:X/U:X",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "YES",
"recovery": "IRRECOVERABLE",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43661/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}
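Review bot: The description string appears to break across two physical lines, between "we do not forsee a safety impact." and "The attack can be automated (AU:Y)", whereas every other line break in these records is an escaped `\n`. If the file really contains a raw line feed inside the string, strict RFC 8259 parsers will reject the whole record. If it is a U+2028 or similar separator, or only an artifact of how this page was rendered, the JSON is valid but line-oriented tools may still split the value. It is worth validating this file with a strict parser before ingesting it, and normalising the character to `\n` at the source if it proves to be literal.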


@ -0,0 +1,90 @@
{
"id": "CVE-2024-43662",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:29.637",
"lastModified": "2025-01-09T08:15:29.637",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The <redacted>.exe or <redacted>.exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown to the iocadmin user.\n\nThis issue affects Iocharger firmware for AC models before version 24120701.\n\nLikelihood: Moderate \u2013 An attacker will need to have knowledge of this CGI binary, e.g. by finding it in firmware. Furthermore, the attacker will need a (low privilege) account to gain access to the <redacted>.exe or <redacted>.exe CGI binary and upload the file, or convince a user with such access to upload it.\n\nImpact: Low \u2013 The attacker can upload arbitrary files to /tmp/upload/ or /tmp/. However, the attacker is unable to access or use these files without other vulnerabilities.\n\nCVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). Artitrary files can be uploaded, be these files will not be in a location where they can influence confidentiality or availability and have a minimal impact on device integrity (VC:N/VI:L/VA:N). There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handing significant amounts of power, we do not expect this vulnerability to have a safety impact. The attack can be automated (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
},
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43662/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}


@ -0,0 +1,86 @@
{
"id": "CVE-2024-43663",
"sourceIdentifier": "csirt@divd.nl",
"published": "2025-01-09T08:15:29.810",
"lastModified": "2025-01-09T08:15:29.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701.\n\nLikelihood: High \u2013 Given the prevalence of these buffer overflows, and the clear error message of the web server, an attacker is very likely to be able to find these vulnerabilities.\n\nImpact: Low \u2013 Usually, overflowing one of these buffers just causes a segmentation fault of the CGI binary, which causes the web server to return a 502 Bad Gateway error. However the webserver itself is not affected, and no DoS can be achieved. Abusing these buffer overflows in a meaningful way requires highly technical knowledge, especially since ASLR also seems to be enabled on the charging station. However, a skilled attacker might be able to use one of these buffer overflows to obtain remote code execution.\n\nCVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack has a small impact on the availability of the device (VC:N/VI:N/VA:L). There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handing significant amounts of power, we do not expect\u00a0 this vulnerability to have a safety impact. The attack can be automated (AU:Y)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "YES",
"recovery": "AUTOMATIC",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "csirt@divd.nl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-43663/",
"source": "csirt@divd.nl"
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00035/",
"source": "csirt@divd.nl"
},
{
"url": "https://iocharger.com",
"source": "csirt@divd.nl"
}
]
}
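Review bot: The description and the CVSS vector in this record point in different directions. The text says a skilled attacker might use one of these buffer overflows to obtain remote code execution, while the 4.0 vector records `VC:N/VI:N/VA:L` and a 5.3 MEDIUM score that covers only the CGI crash. Tooling that ranks on `baseScore` alone will therefore under-rank the worst case the CNA itself describes. For patch priority, the `CWE-121` weakness and the fixed firmware version named in the description (24120701) are the signals to read alongside the score.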


@ -2,8 +2,8 @@
"id": "CVE-2024-50312",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-10-22T14:15:19.973",
"lastModified": "2024-10-30T18:35:56.753",
"vulnStatus": "Analyzed",
"lastModified": "2025-01-09T07:15:26.893",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -18,7 +18,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secalert@redhat.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -38,7 +38,7 @@
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -56,15 +56,13 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV30": [
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",


@ -0,0 +1,33 @@
{
"id": "CVE-2024-53704",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2025-01-09T07:15:27.203",
"lastModified": "2025-01-09T07:15:27.203",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication."
}
],
"metrics": {},
"weaknesses": [
{
"source": "PSIRT@sonicwall.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003",
"source": "PSIRT@sonicwall.com"
}
]
}
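Review bot: `"metrics": {}` leaves this authentication-bypass record with no CVSS vector or score, so a consumer that sorts or filters on `baseScore` will see it as unscored or drop it. The only severity signals in the record are the `CWE-287` weakness and the SonicWall advisory URL under `references`, and `vulnStatus` is still `Received`. Downstream triage should treat an empty `metrics` object as "not yet scored" rather than as low severity, and re-read the record after a later sync. The CVE-2024-53705 and CVE-2024-53706 records added further down in this commit have the same empty `metrics` object.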


@ -0,0 +1,33 @@
{
"id": "CVE-2024-53705",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2025-01-09T07:15:27.363",
"lastModified": "2025-01-09T07:15:27.363",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall."
}
],
"metrics": {},
"weaknesses": [
{
"source": "PSIRT@sonicwall.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003",
"source": "PSIRT@sonicwall.com"
}
]
}


@ -0,0 +1,33 @@
{
"id": "CVE-2024-53706",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2025-01-09T07:15:27.520",
"lastModified": "2025-01-09T07:15:27.520",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution."
}
],
"metrics": {},
"weaknesses": [
{
"source": "PSIRT@sonicwall.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003",
"source": "PSIRT@sonicwall.com"
}
]
}


@ -2,13 +2,13 @@
"id": "CVE-2025-0194",
"sourceIdentifier": "cve@gitlab.com",
"published": "2025-01-08T20:15:29.193",
"lastModified": "2025-01-08T20:15:29.193",
"lastModified": "2025-01-09T07:15:27.667",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.1, starting from 17.6 prior to 17.6.1, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner."
"value": "An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner."
}
],
"metrics": {
@ -38,7 +38,7 @@
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",


@ -0,0 +1,141 @@
{
"id": "CVE-2025-0336",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T07:15:27.860",
"lastModified": "2025-01-09T07:15:27.860",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/teacher.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/fuulof/CVE/issues/1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.290823",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.290823",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.475493",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,141 @@
{
"id": "CVE-2025-0339",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T07:15:28.080",
"lastModified": "2025-01-09T07:15:28.080",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in code-projects Online Bike Rental 1.0. Affected is an unknown function of the file /vehical-details.php of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseScore": 4.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.290826",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.290826",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.475731",
"source": "cna@vuldb.com"
}
]
}
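Review bot: The CVSS entries from `cna@vuldb.com` disagree on user interaction for the same cross-site scripting issue. The 4.0 vector carries `UI:N` and the v2 block sets `"userInteractionRequired": false`, while the 3.1 vector carries `UI:R`. The record therefore scores 5.3 MEDIUM under 4.0 and 3.5 LOW under 3.1, so tooling that reads one version will rank it differently from tooling that reads the other. Consumers should pin which `cvssMetricV*` key they read instead of taking whichever entry comes first. The CVE-2025-0342 record later in this commit shows the same `UI:N` / `UI:R` split.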


@ -0,0 +1,141 @@
{
"id": "CVE-2025-0340",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T07:15:28.260",
"lastModified": "2025-01-09T07:15:28.260",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in code-projects Cinema Seat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/deleteBooking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.290827",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.290827",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.476707",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,145 @@
{
"id": "CVE-2025-0341",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T08:15:30.060",
"lastModified": "2025-01-09T08:15:30.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/shaturo1337/POCs/blob/main/Remote%20Code%20Execution%20via%20Arbitrary%20File%20Upload%20in%20Computer%20Laboratory%20Management%20System.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.290828",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.290828",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.476884",
"source": "cna@vuldb.com"
},
{
"url": "https://www.campcodes.com/",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,145 @@
{
"id": "CVE-2025-0342",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T08:15:30.310",
"lastModified": "2025-01-09T08:15:30.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. This affects an unknown part of the file /class/edit/edit. The manipulation of the argument s_lname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseScore": 4.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Computer%20Laboratory%20Management%20System.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.290829",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.290829",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.476897",
"source": "cna@vuldb.com"
},
{
"url": "https://www.campcodes.com/",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,141 @@
{
"id": "CVE-2025-0344",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T08:15:30.517",
"lastModified": "2025-01-09T08:15:30.517",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /commpara/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/d3do-23/cvelist/blob/main/cy-fast/sqli3.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.290857",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.290857",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.475747",
"source": "cna@vuldb.com"
}
]
}


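--- a/CVE-2025/CVE-2025-200xx/CVE-2025-20033.json
+++ b/CVE-2025/CVE-2025-200xx/CVE-2025-20033.json
@@ -0,0 +1,56 @@
+{
+"id": "CVE-2025-20033",
+"sourceIdentifier": "responsibledisclosure@mattermost.com",
+"published": "2025-01-09T07:15:28.450",
+"lastModified": "2025-01-09T07:15:28.450",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "responsibledisclosure@mattermost.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "LOW"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "responsibledisclosure@mattermost.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-1287"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://mattermost.com/security-updates",
+"source": "responsibledisclosure@mattermost.com"
+}
+]
+}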


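--- a/CVE-2025/CVE-2025-224xx/CVE-2025-22445.json
+++ b/CVE-2025/CVE-2025-224xx/CVE-2025-22445.json
@@ -0,0 +1,56 @@
+{
+"id": "CVE-2025-22445",
+"sourceIdentifier": "responsibledisclosure@mattermost.com",
+"published": "2025-01-09T07:15:28.617",
+"lastModified": "2025-01-09T07:15:28.617",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "responsibledisclosure@mattermost.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
+"baseScore": 3.5,
+"baseSeverity": "LOW",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "responsibledisclosure@mattermost.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-754"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://mattermost.com/security-updates",
+"source": "responsibledisclosure@mattermost.com"
+}
+]
+}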


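--- a/CVE-2025/CVE-2025-224xx/CVE-2025-22449.json
+++ b/CVE-2025/CVE-2025-224xx/CVE-2025-22449.json
@@ -0,0 +1,56 @@
+{
+"id": "CVE-2025-22449",
+"sourceIdentifier": "responsibledisclosure@mattermost.com",
+"published": "2025-01-09T07:15:28.777",
+"lastModified": "2025-01-09T07:15:28.777",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the \"allow_open_invite\" field via making their team public."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "responsibledisclosure@mattermost.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
+"baseScore": 3.8,
+"baseSeverity": "LOW",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE"
+},
+"exploitabilityScore": 1.2,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "responsibledisclosure@mattermost.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-863"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://mattermost.com/security-updates",
+"source": "responsibledisclosure@mattermost.com"
+}
+]
+}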


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-01-09T07:00:21.887665+00:00
2025-01-09T09:00:22.531137+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-01-09T06:15:15.850000+00:00
2025-01-09T08:15:30.517000+00:00
```
### Last Data Feed Release
@ -33,31 +33,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
276386
276421
```
### CVEs added in the last Commit
Recently added CVEs: `12`
Recently added CVEs: `35`
- [CVE-2024-10815](CVE-2024/CVE-2024-108xx/CVE-2024-10815.json) (`2025-01-09T06:15:14.533`)
- [CVE-2024-12714](CVE-2024/CVE-2024-127xx/CVE-2024-12714.json) (`2025-01-09T06:15:14.797`)
- [CVE-2024-12715](CVE-2024/CVE-2024-127xx/CVE-2024-12715.json) (`2025-01-09T06:15:14.917`)
- [CVE-2024-12717](CVE-2024/CVE-2024-127xx/CVE-2024-12717.json) (`2025-01-09T06:15:15.040`)
- [CVE-2024-12731](CVE-2024/CVE-2024-127xx/CVE-2024-12731.json) (`2025-01-09T06:15:15.150`)
- [CVE-2024-12736](CVE-2024/CVE-2024-127xx/CVE-2024-12736.json) (`2025-01-09T06:15:15.273`)
- [CVE-2024-6324](CVE-2024/CVE-2024-63xx/CVE-2024-6324.json) (`2025-01-09T06:15:15.390`)
- [CVE-2025-0328](CVE-2025/CVE-2025-03xx/CVE-2025-0328.json) (`2025-01-09T05:15:07.997`)
- [CVE-2025-0331](CVE-2025/CVE-2025-03xx/CVE-2025-0331.json) (`2025-01-09T05:15:08.237`)
- [CVE-2025-0333](CVE-2025/CVE-2025-03xx/CVE-2025-0333.json) (`2025-01-09T05:15:08.453`)
- [CVE-2025-0334](CVE-2025/CVE-2025-03xx/CVE-2025-0334.json) (`2025-01-09T06:15:15.610`)
- [CVE-2025-0335](CVE-2025/CVE-2025-03xx/CVE-2025-0335.json) (`2025-01-09T06:15:15.850`)
- [CVE-2024-43651](CVE-2024/CVE-2024-436xx/CVE-2024-43651.json) (`2025-01-09T08:15:27.590`)
- [CVE-2024-43652](CVE-2024/CVE-2024-436xx/CVE-2024-43652.json) (`2025-01-09T08:15:27.757`)
- [CVE-2024-43653](CVE-2024/CVE-2024-436xx/CVE-2024-43653.json) (`2025-01-09T08:15:27.950`)
- [CVE-2024-43654](CVE-2024/CVE-2024-436xx/CVE-2024-43654.json) (`2025-01-09T08:15:28.127`)
- [CVE-2024-43655](CVE-2024/CVE-2024-436xx/CVE-2024-43655.json) (`2025-01-09T08:15:28.300`)
- [CVE-2024-43656](CVE-2024/CVE-2024-436xx/CVE-2024-43656.json) (`2025-01-09T08:15:28.487`)
- [CVE-2024-43657](CVE-2024/CVE-2024-436xx/CVE-2024-43657.json) (`2025-01-09T08:15:28.680`)
- [CVE-2024-43658](CVE-2024/CVE-2024-436xx/CVE-2024-43658.json) (`2025-01-09T08:15:28.867`)
- [CVE-2024-43659](CVE-2024/CVE-2024-436xx/CVE-2024-43659.json) (`2025-01-09T08:15:29.060`)
- [CVE-2024-43660](CVE-2024/CVE-2024-436xx/CVE-2024-43660.json) (`2025-01-09T08:15:29.267`)
- [CVE-2024-43661](CVE-2024/CVE-2024-436xx/CVE-2024-43661.json) (`2025-01-09T08:15:29.450`)
- [CVE-2024-43662](CVE-2024/CVE-2024-436xx/CVE-2024-43662.json) (`2025-01-09T08:15:29.637`)
- [CVE-2024-43663](CVE-2024/CVE-2024-436xx/CVE-2024-43663.json) (`2025-01-09T08:15:29.810`)
- [CVE-2024-53704](CVE-2024/CVE-2024-537xx/CVE-2024-53704.json) (`2025-01-09T07:15:27.203`)
- [CVE-2024-53705](CVE-2024/CVE-2024-537xx/CVE-2024-53705.json) (`2025-01-09T07:15:27.363`)
- [CVE-2024-53706](CVE-2024/CVE-2024-537xx/CVE-2024-53706.json) (`2025-01-09T07:15:27.520`)
- [CVE-2025-0336](CVE-2025/CVE-2025-03xx/CVE-2025-0336.json) (`2025-01-09T07:15:27.860`)
- [CVE-2025-0339](CVE-2025/CVE-2025-03xx/CVE-2025-0339.json) (`2025-01-09T07:15:28.080`)
- [CVE-2025-0340](CVE-2025/CVE-2025-03xx/CVE-2025-0340.json) (`2025-01-09T07:15:28.260`)
- [CVE-2025-0341](CVE-2025/CVE-2025-03xx/CVE-2025-0341.json) (`2025-01-09T08:15:30.060`)
- [CVE-2025-0342](CVE-2025/CVE-2025-03xx/CVE-2025-0342.json) (`2025-01-09T08:15:30.310`)
- [CVE-2025-0344](CVE-2025/CVE-2025-03xx/CVE-2025-0344.json) (`2025-01-09T08:15:30.517`)
- [CVE-2025-20033](CVE-2025/CVE-2025-200xx/CVE-2025-20033.json) (`2025-01-09T07:15:28.450`)
- [CVE-2025-22445](CVE-2025/CVE-2025-224xx/CVE-2025-22445.json) (`2025-01-09T07:15:28.617`)
- [CVE-2025-22449](CVE-2025/CVE-2025-224xx/CVE-2025-22449.json) (`2025-01-09T07:15:28.777`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `2`
- [CVE-2024-50312](CVE-2024/CVE-2024-503xx/CVE-2024-50312.json) (`2025-01-09T07:15:26.893`)
- [CVE-2025-0194](CVE-2025/CVE-2025-01xx/CVE-2025-0194.json) (`2025-01-09T07:15:27.667`)
## Download and Usage


@ -214936,6 +214936,7 @@ CVE-2023-1903,0,0,efc0da96e9efec639f57af0da1386824a9dd54cff194afba825592fcb11607
CVE-2023-1904,0,0,ffbb7dc031b91f22a73be42c7f56c7040dc466cc7cc9e04b2035e3635dd9de4c,2024-11-21T07:40:06.983000
CVE-2023-1905,0,0,1c8e69e154302dafb57f6191602005d1fb9f553d13ff7fd58cbba47c267631e4,2024-11-21T07:40:07.103000
CVE-2023-1906,0,0,2474c3121c418f8f1b9c7898365edb5f0f5ff817f30d9fbbb045c48845873f42,2024-11-21T07:40:07.200000
CVE-2023-1907,1,1,1461563d5ed7ef4393202a489273cc6851e080eaa8c7088b7a3a013e6476b08a,2025-01-09T08:15:24.477000
CVE-2023-1908,0,0,a7f3750c6e61e1597fb00574a671512440b074bfd7d382966345f4da285e0184,2024-11-21T07:40:07.320000
CVE-2023-1909,0,0,e49817fc9d0a21e868f8dcf99cb6ba1f1e8637a8a1ac71c8aea4dcba2d56a97b,2024-11-21T07:40:07.440000
CVE-2023-1910,0,0,37c041e704ac5ae2514337a89fa66ad555ee848903b68628fbb411ed56a08fa9,2024-11-25T16:47:33.943000
@ -243881,7 +243882,7 @@ CVE-2024-1081,0,0,4e0bb84bfbb515e8e6662d2f875a9bb7899411cc135025881bd47d9f276345
CVE-2024-10810,0,0,462940493f0b1c5b280616ee9b6e4ca0acc2fe73d901d9b38b41895de26ba591,2024-11-06T15:16:12.497000
CVE-2024-10813,0,0,8f0d87c8561d66a428b124b04ac3dd7eb7202f93dd365239b75e2107b61a0c57,2024-11-23T04:15:07.800000
CVE-2024-10814,0,0,24cd3cc9c72ab7020b87ed743b9bbaf59702cba37c3042eada5a620d131514e7,2024-11-12T13:56:24.513000
CVE-2024-10815,1,1,620a1137db7d80f0a4a2866a59564ecdb8f05915cd6421e28923896e59f45fcd,2025-01-09T06:15:14.533000
CVE-2024-10815,0,0,620a1137db7d80f0a4a2866a59564ecdb8f05915cd6421e28923896e59f45fcd,2025-01-09T06:15:14.533000
CVE-2024-10816,0,0,26285e9b2ee00beb2b7e65eb9860b931d998a377d6a13b3bf8cda452f0b657d2,2024-11-13T17:01:16.850000
CVE-2024-1082,0,0,15848b2b0524454d542c04087dfa80d78199ba8d7edfbd0b12b87db452374b0f,2024-11-21T08:49:45.430000
CVE-2024-10820,0,0,bf9d28b16e948ef83988df033dfb0ac82ff3713b45d4528e33ad22cd94422f74,2024-11-19T17:38:16.363000
@ -245355,9 +245356,9 @@ CVE-2024-12710,0,0,47453914e1b74979b7cb104fe22d1ae9255e40512305ca5e5237f17f98821
CVE-2024-12711,0,0,af63df0fc664529f876fb1b7e42d9f7f11e38264d63e374c64c561e006838c50,2025-01-07T12:15:24.503000
CVE-2024-12712,0,0,984c619ebdcbfd1e3e1dca93b7658387a748ef9201a06bcad981abce7c3ba06f,2025-01-08T10:15:06.660000
CVE-2024-12713,0,0,e6c175f4b410ded191dec5f6f687c64efe390496ffa1b50119935b0d26dfb4ad,2025-01-08T04:15:06.967000
CVE-2024-12714,1,1,cf7c6adb526324dfcb4309e88980a1e23076ca62a5a6fff5de4c92d8409bee34,2025-01-09T06:15:14.797000
CVE-2024-12715,1,1,9a04e1fde37f77ec673d4a61f145f9ad98d8b4a8d63879896a9e13ab752b69f1,2025-01-09T06:15:14.917000
CVE-2024-12717,1,1,49bc76de39b55231ef5f5ff9922ce5f884d95ff1ce1c36881dd4d90d61e20627,2025-01-09T06:15:15.040000
CVE-2024-12714,0,0,cf7c6adb526324dfcb4309e88980a1e23076ca62a5a6fff5de4c92d8409bee34,2025-01-09T06:15:14.797000
CVE-2024-12715,0,0,9a04e1fde37f77ec673d4a61f145f9ad98d8b4a8d63879896a9e13ab752b69f1,2025-01-09T06:15:14.917000
CVE-2024-12717,0,0,49bc76de39b55231ef5f5ff9922ce5f884d95ff1ce1c36881dd4d90d61e20627,2025-01-09T06:15:15.040000
CVE-2024-12719,0,0,f1c1e2dd855d248bd97d2bae5f7baeccac20810feec3cd62c70cf667fd59aed5,2025-01-07T10:15:07.323000
CVE-2024-1272,0,0,6fe2ae3dbf4ac28af0ee3734ec3f1128a5e90306284fb984019a39811655512d,2024-11-21T08:50:12.417000
CVE-2024-12721,0,0,602b63fd821f3e12d745be832faac963714770e5a5cf419d7f91dc50f0276cf3,2024-12-21T07:15:09.793000
@ -245365,8 +245366,8 @@ CVE-2024-12727,0,0,b783145694badccf248249bee0c82f1aff0f923b8a3e56851318776364e6e
CVE-2024-12728,0,0,917e9cd9de621c11266a9c64ec7f57ccf5bdf0122fd22a40a0ec7d20acff7a35,2024-12-19T21:15:07.863000
CVE-2024-12729,0,0,48b3a23ce4e01eb74edff0cd115d9897f3f81428607bbc5ad97846c1af686c7b,2024-12-19T22:15:05.087000
CVE-2024-1273,0,0,e8464b176bd39036e0f45e4b49d8110f84d3d3960c826bc9710c36200b4f5e6c,2024-11-21T08:50:12.557000
CVE-2024-12731,1,1,1e1297b11f2a86f470c1e832bc15cc4a3983ee2a079b0d9fa07d164e91e0f0d5,2025-01-09T06:15:15.150000
CVE-2024-12736,1,1,02b7995bf62698b96f3b7a3f77b39521e1d64cbf4197e93ce7cfccd7835d9edc,2025-01-09T06:15:15.273000
CVE-2024-12731,0,0,1e1297b11f2a86f470c1e832bc15cc4a3983ee2a079b0d9fa07d164e91e0f0d5,2025-01-09T06:15:15.150000
CVE-2024-12736,0,0,02b7995bf62698b96f3b7a3f77b39521e1d64cbf4197e93ce7cfccd7835d9edc,2025-01-09T06:15:15.273000
CVE-2024-12738,0,0,62b9ca699b87e6b4afa6aacb7bdfd82cc9a3781e94484aea8f243a786784d89c,2025-01-07T13:15:07.357000
CVE-2024-1274,0,0,8b1ee7c9f6e7817a23a525a715cd0c1ef18c567c26c711e49e1e872df04cda9a,2024-11-21T08:50:12.730000
CVE-2024-12741,0,0,c9f183fb88063863d511dd9a34a59e6fd50d2f3a53a8fd3b665d83eeabe6e5e3,2024-12-18T20:15:22.390000
@ -245399,6 +245400,9 @@ CVE-2024-12793,0,0,2902a16bfecddc21a8d8d04e8f0997250ef373c3635003ef32f9127592c72
CVE-2024-12794,0,0,1f45437b8b28f90cd480ff6b28049ee2f0d50b6e09b9de7825840b2430eeb83b,2025-01-06T14:40:23.127000
CVE-2024-12798,0,0,5bd2c8c2d17a4f0af35e3d86ea1aab510b9864bd24d1725787e693a4849fe677,2025-01-03T14:15:24.370000
CVE-2024-12801,0,0,0e0d6365f891eca7b68a17e99dee519237772ad2d2b9b95e05e08c492aa73c2f,2025-01-03T14:15:24.500000
CVE-2024-12803,1,1,39b13515bd90582cf33d0ed4f88d02f6b7dfc604d3edbbab329fd26f0ea79caa,2025-01-09T08:15:26.007000
CVE-2024-12805,1,1,88244c73e27c67bc8006e84c4e0b60b1c6b6d146df3eb2fafe424e792ef9edfa,2025-01-09T08:15:26.247000
CVE-2024-12806,1,1,9ca03f14d28b1eb09c39d6105bff209df4089157e217b8603b11751d7e40ad7a,2025-01-09T08:15:26.417000
CVE-2024-12814,0,0,9d88ed8035fdc2fe3c6fe32e0accb8f4976205d682521fcc6260cfe967c9dc43,2024-12-24T07:15:10.800000
CVE-2024-1282,0,0,e6b07825f0f3597687613e3a6164d0e157f6f527c33c61eb8d90ec07193bdec2,2024-11-21T08:50:13.520000
CVE-2024-12828,0,0,a29f7d175d08af9e9a3e3b2d9a239843d4c47c7b84f9529c7b9ddf19ae5c7fea,2024-12-30T17:15:07.717000
@ -245573,6 +245577,7 @@ CVE-2024-13038,0,0,07021c3f3e4e5ad8d59084daa2472f76a36a62f583200e4e988b2985299ac
CVE-2024-13039,0,0,2ff048e2898a94c89e2fe46d15a6b69b7d24fd911b280e248c70b61bbb5acce0,2024-12-30T17:15:08.597000
CVE-2024-1304,0,0,7f3d377d10786bd7b29e3437adfa1f791151a43db698785def3901d685804d14,2024-11-21T08:50:16.717000
CVE-2024-13040,0,0,48eac60daed7d09b05d10239614a9afabab092e37582ba3e02178f3736c64fc0,2024-12-31T02:15:06.303000
CVE-2024-13041,1,1,49054a6a33743c1e6ab55e3ca334f47a3844e5906bbaad1d3a49a9cb1e9a2e09,2025-01-09T07:15:26.497000
CVE-2024-13042,0,0,1f81fc2eec05a9223456735091886113e5fb919c6582ca39f0497333c1ba2b59,2025-01-04T13:15:06.483000
CVE-2024-13043,0,0,d417b605205dbe84f83258ea316ba45f837391250bcff3253069ffacb1fd1864,2025-01-03T20:56:34.317000
CVE-2024-13044,0,0,2a60dae76075d731a7a10d4f5dd3f064d1a9a7527f55b8c35dfff24662fef8aa,2025-01-03T17:38:23.907000
@ -261984,8 +261989,10 @@ CVE-2024-40750,0,0,c491090d917045d507fa28976c97558943f972457181ebb36c0ba9aa25c97
CVE-2024-40754,0,0,bd9d6903684af54e3d4f528bdae88b70db33043ddc74f4404f7d893dbc9cb397,2024-09-10T14:35:04.833000
CVE-2024-4076,0,0,6f41301410bb850ac724eb349beb08670550e5e1ae7ac3c04b8cf5e2d874d5bd,2024-11-21T09:42:08.807000
CVE-2024-40761,0,0,98df27f9ab08289b73f70adffa16577ee132bdfd9b5e346e5d494328018c9b31,2024-11-21T09:31:34.510000
CVE-2024-40762,1,1,a7fbc3ec51883c7c1bf42de1c756299288a6532ae6ffd10d35fcdcaa53ac6fd3,2025-01-09T07:15:26.730000
CVE-2024-40763,0,0,03a98910bacc7a91881ba5927386bf799784ceed39e50818d2356358d82576a8,2024-12-05T17:15:11.720000
CVE-2024-40764,0,0,716c9029e61b77a0d9603bd5e4ce9d607d5f6a696fe7c8edc6ff51f3b795b731,2024-11-21T09:31:34.703000
CVE-2024-40765,1,1,dcc858012082642755bee9045aabed3fc3e42f650b0a9b38d01bed6c6e1fa250,2025-01-09T08:15:26.797000
CVE-2024-40766,0,0,245a65896d5e59cbc106ef8982774d28e0903e2f3e66c1e0224a1b4643d1a16a,2024-09-16T19:48:30.827000
CVE-2024-40767,0,0,d8daa36a05263c3ffe16e1b113badcb7ade4182a8a1be061cbdf839ea5fdacae,2024-11-21T09:31:35.113000
CVE-2024-4077,0,0,8de588b7fa8bc539a1390a30d26ffec16c49968012710ff1d0939c2fbeb8f325,2024-11-21T09:42:08.940000
@ -264207,8 +264214,24 @@ CVE-2024-43644,0,0,d7ae81dc39a8d80999b28a10bf2b9f4f3ec0b06b97a543b1aa4024a754a61
CVE-2024-43645,0,0,3483c2f4a4e8d8673a85c08c57279dcaf2dcabe54994c554778de6585015f0e0,2024-11-18T22:17:01.340000
CVE-2024-43646,0,0,e44ad8cceba821cb635623bea36106bdbc329e7b38ada87c67235302b176e252,2024-11-18T22:17:53.577000
CVE-2024-43647,0,0,8afbf70ad2cef6fb4b1caf7e1a2477d89764414a1ebb1b6c70d7bf7b3d2442bb,2024-09-10T12:09:50.377000
CVE-2024-43648,1,1,db6ea04d0fc888e720c30e379a5edb0c8ba3ee21c7a578727f855e026e9bf487,2025-01-09T08:15:26.980000
CVE-2024-43649,1,1,47885ac52d06aa5d504a6dd1164814193364eba437843e14afe4f6408eff7e6a,2025-01-09T08:15:27.233000
CVE-2024-4365,0,0,8395a37d6a53a1070a3da8569444b421529dea178299a0f784e109ce6848c89d,2024-11-21T09:42:42.317000
CVE-2024-43650,1,1,f57c4c703d40cb1b16da32a6f9b05bb372c49445a1b082beac328b32d9fb70c1,2025-01-09T08:15:27.417000
CVE-2024-43651,1,1,ae6190c0fb2ef2abff378edd3f5ffc36d80bfaea3861050b603b76d43f4960d1,2025-01-09T08:15:27.590000
CVE-2024-43652,1,1,064bc45896f52884bfb57b8ac4a528d861f3663215ed752804908387abe214eb,2025-01-09T08:15:27.757000
CVE-2024-43653,1,1,5029101dfeb3ba5aa623a600afd5003286f2ac5d03819c2b95d2abedf0fa9156,2025-01-09T08:15:27.950000
CVE-2024-43654,1,1,b1ee7e11f8ffe5f22642934b4d66cee8a85a5924f3fed8d612532ca1852d2eeb,2025-01-09T08:15:28.127000
CVE-2024-43655,1,1,84a84cb9f2f0c9c81851b45f6751858fb461708f35ee0b7196880e2f47bce0d5,2025-01-09T08:15:28.300000
CVE-2024-43656,1,1,38891d24c044c865af89153898249b840abf21f3098f2a8fd86ddeaf115986c1,2025-01-09T08:15:28.487000
CVE-2024-43657,1,1,3295db8b0dee8c35f5bd2387c8725a66b364d28143f9cc9f0d93b969dca07d3b,2025-01-09T08:15:28.680000
CVE-2024-43658,1,1,03812cbdc33c23bf8bd0a3a9e1d82b30062ca72f54383da1609f5ac33cd77109,2025-01-09T08:15:28.867000
CVE-2024-43659,1,1,bea7bb2d7749d4469735f64b9092872757069300cf7bc686047ed1827782bd88,2025-01-09T08:15:29.060000
CVE-2024-4366,0,0,3c382e606a72e58f20f6afa38987a3fb436df349cdb6108f029876febf16f59e,2024-11-21T09:42:42.433000
CVE-2024-43660,1,1,bae475130e762711eec58c15c2ac20517cbf8adec68dfd49174933e0fa6931d6,2025-01-09T08:15:29.267000
CVE-2024-43661,1,1,7ca027929fc4dbab8ab4a545e9d872677d38cc79fa5c607e55919cb4f1e09ac8,2025-01-09T08:15:29.450000
CVE-2024-43662,1,1,8b0996f37d4d356a300c8703334b6df6e707291e0e0de56d34e4f561f2e110de,2025-01-09T08:15:29.637000
CVE-2024-43663,1,1,31b94a23f14faadaefc29b121a7d7589a03cd0af3a6f5d3b2eff56c034d6370f,2025-01-09T08:15:29.810000
CVE-2024-4367,0,0,06d0056dd66ff219c5446225478001d7ace4cdfa0f0e8d7454a5c61b93b71c50,2024-11-21T09:42:42.537000
CVE-2024-4368,0,0,3d10c8e78c29700111196d36c50b5f085edebb06975b60275c2b591108b23a7b,2024-12-20T17:23:03.420000
CVE-2024-43683,0,0,df9b098d0d10bbc57333de3cddd48795135c3c7c667cdc231a2f356001c571ba,2024-11-01T16:15:08.930000
@ -268757,7 +268780,7 @@ CVE-2024-50307,0,0,effd6ec5b86bf22e86b034cf0d56aa80ef1054d58eddf4f4569fd5216a211
CVE-2024-5031,0,0,c308606af56c2c63972fb5c4124ab9d975213c17c216c9acc47e4e56bb8f8d42,2024-11-21T09:46:48.853000
CVE-2024-50310,0,0,0aa8bf92cb0c2ce72d2591b8a623d6ab248b2abe4cf7e33609877fe3cb7813d1,2024-11-13T23:15:38.657000
CVE-2024-50311,0,0,b0292ba610dd96aa55991ae2b3d8d9a3245ae7b245c406d2ccd4b978c4c63f18,2024-12-04T08:15:06.993000
CVE-2024-50312,0,0,e9a1c1df99e5d026bdbe43225eaa2ed8174209157b8148725807c843837b6637,2024-10-30T18:35:56.753000
CVE-2024-50312,0,1,a7c4b05d3d3f339ecdf585e78123d67608338d22201a07dc1ab4fe90abd45688,2025-01-09T07:15:26.893000
CVE-2024-50313,0,0,64114bcba17ddbbd52304f776f5dd6f39dd07ae575272b42861ff4f8f52981bf,2024-11-15T17:12:44.410000
CVE-2024-50315,0,0,4cc2faf3d8c489bc195ea9b1b71e3db71fb7f18259f91c4f6bf82e911f7ad06a,2024-11-06T18:15:06.173000
CVE-2024-50317,0,0,bb18489d7989fbe06416c7902779e422cf61fac95f0d13f7e09c0b8e1bc37193,2024-11-18T15:06:49.627000
@ -270835,6 +270858,9 @@ CVE-2024-5370,0,0,118bbc3bfc68a5a364fa8038fafc7682a10bb0308a5e5da229e35dbd880721
CVE-2024-53701,0,0,1a2bc4566eec18c70c1090c86f62c17b18dd370d9f36bbeea87f735f0b867519,2024-11-29T06:15:07.327000
CVE-2024-53702,0,0,df4acdecd1eceade8b04c1e8f2d0208a2fb87f2140d6e9f86d0b91986c09f3f5,2024-12-05T16:15:26.077000
CVE-2024-53703,0,0,fb9cc5fb637d3f614eb88b1748740fd2dceb8edefd36486bf6555b6ace1738fb,2024-12-05T15:15:11.270000
CVE-2024-53704,1,1,a49d2f395c1a812543e55d6b39c0cc790fff1e2ba3cf7523efd6de51559acf7d,2025-01-09T07:15:27.203000
CVE-2024-53705,1,1,3608df41c0b7eb34cc7682868591dc9a56ad97248d5876e65327a002d017398a,2025-01-09T07:15:27.363000
CVE-2024-53706,1,1,258819dd0728d0f7679c29154005673ce3e612d4f8dde60dda77acce9370823c,2025-01-09T07:15:27.520000
CVE-2024-53707,0,0,4163d5321b4bf42492ee17d3e3420b9e06f0f632230aa0e5ae79c446b00e1993,2024-12-02T14:15:13.323000
CVE-2024-53708,0,0,cda0eccc0f844686702a234754606286df02f2b8e9c9d9d81e8fb2842526d6e1,2024-12-02T14:15:13.457000
CVE-2024-53709,0,0,74fcfcd96364eb63a20fac2c34c511b47044ab19669bd7332461d3387afde300,2024-12-02T14:15:13.600000
@ -273064,7 +273090,7 @@ CVE-2024-6320,0,0,b473609913519a737186d8d4224686486fd33ffcfab73ef05e3c3cf037998a
CVE-2024-6321,0,0,a39f88ef7c0aa8e0428ffa76183acf38ed3f4e4350e239a12cf9da7687522424,2024-11-21T09:49:25.667000
CVE-2024-6322,0,0,1ea07fd7c948c4f77d2f5f0917b4fee4f1d349d72b23887cd14c607a18221b99,2024-08-21T12:30:33.697000
CVE-2024-6323,0,0,113565d57693aa1eec8028c3334ea46961c6a5d9ee3823c3676e563017e4a8c2,2024-11-21T09:49:25.880000
CVE-2024-6324,1,1,1c66ff4ea8079da30d9906ca30ff4fd883ef46b74b2bbf5009c29e3b11b1f1ca,2025-01-09T06:15:15.390000
CVE-2024-6324,0,0,1c66ff4ea8079da30d9906ca30ff4fd883ef46b74b2bbf5009c29e3b11b1f1ca,2025-01-09T06:15:15.390000
CVE-2024-6325,0,0,a539dacbd205fca323eedae64dc5b22715b467b0e53648e1f180e84eacd8459a,2024-11-21T09:49:26.027000
CVE-2024-6326,0,0,85164071f9b463450ed4305c833cf3e6cf33bf0166b69ba5e80887827dfafa7a,2024-11-21T09:49:26.167000
CVE-2024-6327,0,0,d8eac136822f962fdaece40da23c68408cf6506a0c82904582d9b2430afa63be,2024-11-21T09:49:26.333000
@ -276160,7 +276186,7 @@ CVE-2025-0173,0,0,c1f252ca4cbbf65084a89ab024bca7f0b17a90985239dec13e360a268ca336
CVE-2025-0174,0,0,a58f6ba631c2a0feb58527b8303d7d4a31c3e3872c8ddd8918aacd475478a78f,2025-01-03T02:15:07.480000
CVE-2025-0175,0,0,d9a687479ae4dd84b5b46d302a16ec57021ad84e1ebe3621ace137eeaefcef9b,2025-01-03T02:15:07.680000
CVE-2025-0176,0,0,25b97cf7942e2d65b84cd3d69b2f6ce4b0c39c12b63a98b8f04cd8b606eafaef,2025-01-03T15:15:11.360000
CVE-2025-0194,0,0,c06709847d23622e73b5bb90181a6ba8237930ba386bc53927e88b89c13cc831,2025-01-08T20:15:29.193000
CVE-2025-0194,0,1,40ef7c79a60c06ceae761bdb13cd6a0f064d915b3409b67bcbee098c5513eee9,2025-01-09T07:15:27.667000
CVE-2025-0195,0,0,3a317c51726170702316fa33d45de8f3fef3184ae45ef5e02dd449cbd27af8d0,2025-01-03T18:15:17.317000
CVE-2025-0196,0,0,fb71521e255dd853610214509345a55ba2b3e12d37e32c94fc1c20cb4b643ab6,2025-01-03T19:15:12.793000
CVE-2025-0197,0,0,8050294c8ecdc49228ce7833915570638c5758146d0bd01628204a571b88b989,2025-01-03T20:15:28.873000
@ -276219,11 +276245,18 @@ CVE-2025-0299,0,0,46c993a70c9dd5843cd4dc3486123b8f79f076cb607c745df442454088b3fb
CVE-2025-0300,0,0,6462b093b202cdda5c643638789beb08104cb14d8ff95eb1f2f740fecb0f8630,2025-01-07T17:15:32.090000
CVE-2025-0301,0,0,db7e09db06a3c89075ef99c6e0773ce8d9b6391802870d788b13b4dc1d994dbc,2025-01-07T18:15:21.460000
CVE-2025-0306,0,0,b68f04c884b94c2988081809303425e8fc9d9a1826584b2811a6c0892a02e108,2025-01-09T04:15:13
CVE-2025-0328,1,1,3392df3a5ba9990f086e698e74404cadf8dede3f30f53b6a63cec684ef4d43e1,2025-01-09T05:15:07.997000
CVE-2025-0331,1,1,9958f914d08798c9884ab9acadc5485c8bf3fa51831a1e1c33c7f651b2407526,2025-01-09T05:15:08.237000
CVE-2025-0333,1,1,a8ab0819172da3f9274aae888663ae5efdae6b85957b7e6ef6d1d8934c8d1070,2025-01-09T05:15:08.453000
CVE-2025-0334,1,1,d7673bbf36f717e1769977669c1cac432662eda5ad40e6c872bcf27cf1dda6d8,2025-01-09T06:15:15.610000
CVE-2025-0335,1,1,d042e6fe1c6117fe3f290f44401326a621378ac168f8b7424ff902d7e887bcca,2025-01-09T06:15:15.850000
CVE-2025-0328,0,0,3392df3a5ba9990f086e698e74404cadf8dede3f30f53b6a63cec684ef4d43e1,2025-01-09T05:15:07.997000
CVE-2025-0331,0,0,9958f914d08798c9884ab9acadc5485c8bf3fa51831a1e1c33c7f651b2407526,2025-01-09T05:15:08.237000
CVE-2025-0333,0,0,a8ab0819172da3f9274aae888663ae5efdae6b85957b7e6ef6d1d8934c8d1070,2025-01-09T05:15:08.453000
CVE-2025-0334,0,0,d7673bbf36f717e1769977669c1cac432662eda5ad40e6c872bcf27cf1dda6d8,2025-01-09T06:15:15.610000
CVE-2025-0335,0,0,d042e6fe1c6117fe3f290f44401326a621378ac168f8b7424ff902d7e887bcca,2025-01-09T06:15:15.850000
CVE-2025-0336,1,1,04ee389408992b67dce77194d9c70ae97feea3babbe755fc187c92619ca0ff05,2025-01-09T07:15:27.860000
CVE-2025-0339,1,1,448e19bb7bc365a2bf292fe61f3c734706db43a29b1ebde295ceec420afcd48b,2025-01-09T07:15:28.080000
CVE-2025-0340,1,1,4f2990fc81137574b4912409b11904dee7e92cbd62c572bffa83a92d2b3d6728,2025-01-09T07:15:28.260000
CVE-2025-0341,1,1,90d8993fb7474a58be910ed5ed3a12242101d69a099db0025c917dff8fc0565c,2025-01-09T08:15:30.060000
CVE-2025-0342,1,1,6d3bd167a05490c5aa5dbc9a6d3538c596245238d57a65fa83ecac443971921f,2025-01-09T08:15:30.310000
CVE-2025-0344,1,1,1715f04fd5095fb83a5a82a19a8fdfb8ee1ceb83adeb19a18037c35e0449a30c,2025-01-09T08:15:30.517000
CVE-2025-20033,1,1,6018e09e60bc36da724018ac20bc63bc1922bb37746fdb9e10624cea7c137ebf,2025-01-09T07:15:28.450000
CVE-2025-20123,0,0,7f3b728d3f9cbfa875df0a45e50a08c953f805f15b1141475f4e31dfbed0e1d1,2025-01-08T16:15:38.150000
CVE-2025-20126,0,0,1585188395ef0aa5a894bbea6d526bdf238d58865dbcb187ac89434fb8c590b9,2025-01-08T19:15:38.553000
CVE-2025-20166,0,0,b11a57811b63f7d2208067ccc65af65bb9e1761d9a36811f745adce498b4e21f,2025-01-08T17:15:16.990000
@ -276323,6 +276356,8 @@ CVE-2025-22388,0,0,7b76724cf59a9c67f325da6bd673f3f15746ba083c4bc35be8117d11c0a0d
CVE-2025-22389,0,0,50d6eaab20c8259cde700c821ce2570def076c6cb2eb277d3379fa3f59f6550e,2025-01-04T03:15:07.580000
CVE-2025-22390,0,0,36805a833480d9f50dee34ab32e5ed9b2707017fd5287eb5a8abd68b1059bfbf,2025-01-06T17:15:48.170000
CVE-2025-22395,0,0,ac5db0ebc696fbb0c57e43b4ad48f0832ef7eb798546a738d8afe72cc61eda1e,2025-01-07T03:15:06.047000
CVE-2025-22445,1,1,892a817c9171cfb6ff1f1eb222a873d1fada74594dfce5a6314b9a0b173fbc06,2025-01-09T07:15:28.617000
CVE-2025-22449,1,1,94a3675582914b0870c0eee39028c6e7cffbb606301205022783a128835fd0ee,2025-01-09T07:15:28.777000
CVE-2025-22500,0,0,8aa8d02f24b4f8f19adb445be3e34cd476c909361320155120249ca356361cc0,2025-01-07T17:15:33.657000
CVE-2025-22502,0,0,e47e75d81258d25ae0eee9a569a8a8d8f361d17aa85c464ced2971eda4004a93,2025-01-07T16:15:45.717000
CVE-2025-22503,0,0,402bf3ce290423b600660d8b85d86d2013a2c04e54ea441b78372503a408f2f7,2025-01-07T16:15:45.877000
