From 10313a5d0159b72532f52386db7a1a5cb2898f6c Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Fri, 14 Feb 2025 05:03:57 +0000
Subject: [PATCH] Auto-Update: 2025-02-14T05:00:31.130004+00:00
---
CVE-2024/CVE-2024-104xx/CVE-2024-10404.json | 56 +++++++++++++++
CVE-2024/CVE-2024-559xx/CVE-2024-55904.json | 56 +++++++++++++++
CVE-2025/CVE-2025-10xx/CVE-2025-1053.json | 78 ++++++++++++++++++++
CVE-2025/CVE-2025-265xx/CVE-2025-26519.json | 80 +++++++++++++++++++++
README.md | 15 ++--
_state.csv | 6 +-
6 files changed, 284 insertions(+), 7 deletions(-)
create mode 100644 CVE-2024/CVE-2024-104xx/CVE-2024-10404.json
create mode 100644 CVE-2024/CVE-2024-559xx/CVE-2024-55904.json
create mode 100644 CVE-2025/CVE-2025-10xx/CVE-2025-1053.json
create mode 100644 CVE-2025/CVE-2025-265xx/CVE-2025-26519.json
diff --git a/CVE-2024/CVE-2024-104xx/CVE-2024-10404.json b/CVE-2024/CVE-2024-104xx/CVE-2024-10404.json
new file mode 100644
index 00000000000..ab8e1b1e1a9
--- /dev/null
+++ b/CVE-2024/CVE-2024-104xx/CVE-2024-10404.json
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-10404", + "sourceIdentifier": "sirt@brocade.com", + "published": "2025-02-14T04:15:07.857", + "lastModified": "2025-02-14T04:15:07.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "CalInvocationHandler in Brocade \nSANnav before 2.3.1b logs sensitive information in clear text. The \nvulnerability could allow an authenticated, local attacker to view \nBrocade Fabric OS switch sensitive information in clear text. An \nattacker with administrative privileges could retrieve sensitive \ninformation including passwords; SNMP responses that contain AuthSecret \nand PrivSecret after collecting a \u201csupportsave\u201d or getting access to an \nalready collected \u201csupportsave\u201d. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.1, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25403", + "source": "sirt@brocade.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55904.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55904.json new file mode 100644 index 00000000000..81883c249e6 --- /dev/null 
+++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55904.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-55904", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-02-14T04:15:08.753", + "lastModified": "2025-02-14T04:15:08.753", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7182841", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-10xx/CVE-2025-1053.json b/CVE-2025/CVE-2025-10xx/CVE-2025-1053.json new file mode 100644 index 00000000000..f215e28b80f --- /dev/null +++ b/CVE-2025/CVE-2025-10xx/CVE-2025-1053.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-1053", + "sourceIdentifier": "sirt@brocade.com", + "published": "2025-02-14T04:15:08.903", + "lastModified": "2025-02-14T04:15:08.903", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + 
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "sirt@brocade.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1295" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25399", + "source": "sirt@brocade.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-265xx/CVE-2025-26519.json b/CVE-2025/CVE-2025-265xx/CVE-2025-26519.json new file mode 100644 index 00000000000..b63ebc0d10b --- /dev/null +++ b/CVE-2025/CVE-2025-265xx/CVE-2025-26519.json 
@@ -0,0 +1,80 @@ +{ + "id": "CVE-2025-26519", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-02-14T04:15:09.050", + "lastModified": "2025-02-14T04:15:09.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.4, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", + "source": "cve@mitre.org" + }, + { + "url": "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", + "source": "cve@mitre.org" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2025/02/13/2", + "source": "cve@mitre.org" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2025/02/13/2", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2025/02/13/3", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2025/02/13/4", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2025/02/13/5", + 
"source": "af854a3a-2127-422b-91ae-364da2661108" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 65828acdabf..120b8436024 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-14T03:00:27.530718+00:00 +2025-02-14T05:00:31.130004+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-14T02:00:02.377000+00:00 +2025-02-14T04:15:09.050000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -281314 +281318 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `4` +- [CVE-2024-10404](CVE-2024/CVE-2024-104xx/CVE-2024-10404.json) (`2025-02-14T04:15:07.857`) +- [CVE-2024-55904](CVE-2024/CVE-2024-559xx/CVE-2024-55904.json) (`2025-02-14T04:15:08.753`) +- [CVE-2025-1053](CVE-2025/CVE-2025-10xx/CVE-2025-1053.json) (`2025-02-14T04:15:08.903`) +- [CVE-2025-26519](CVE-2025/CVE-2025-265xx/CVE-2025-26519.json) (`2025-02-14T04:15:09.050`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-57727](CVE-2024/CVE-2024-577xx/CVE-2024-57727.json) (`2025-02-14T02:00:02.377`) ## Download and Usage diff --git a/_state.csv b/_state.csv index ac2f8fa1b3d..eeb5bbf0dc7 100644 --- a/_state.csv +++ b/_state.csv 
@@ -243811,6 +243811,7 @@ CVE-2024-10400,0,0,3149449a1f655d421717c12bd7c1ce4f050cb418efa23b02eb5dc871bacff CVE-2024-10401,0,0,98699d6fa898cdfb3f15470619245cee1d067345348d71b83edf212f320fd87d,2025-01-16T02:15:26.770000 CVE-2024-10402,0,0,707aa51bfb00542fa09e86114646bc6794da9070602c556284ae04ba6ce3467b,2025-02-05T15:02:16.723000 CVE-2024-10403,0,0,a7572191e8102ed6d59e64918362af5517a9fa6fa7640d8839b0f51d80dd26d0,2025-02-04T15:28:04.053000 +CVE-2024-10404,1,1,08f35896a4e26a8e268d7ac34a9afd8dd97e47266f80e6d06d99a2e226505a70,2025-02-14T04:15:07.857000 CVE-2024-10406,0,0,3ea80fa9309bbe01bfc18fc28a58ebc2cd4384a2976470d5a0c7d74740e10fea,2024-10-29T20:48:36.967000 CVE-2024-10407,0,0,c0767597cc1c9f2445774d0945d82cd1deb05bfba27e932afc95a08efb60df7c,2024-10-29T20:47:53.667000 CVE-2024-10408,0,0,bdf278858219e19c5b454fd4cbba3d2031672da6a8bc18e5cf1bab48edd4d3ed,2024-10-29T20:44:07.630000 @@ -273672,6 +273673,7 @@ CVE-2024-55894,0,0,a518cee2fb5c444e45eddc499c726dbccb5162cc415b97b8eed1d6bbd03a9 CVE-2024-55896,0,0,d7dd07510a57c238a16c0fe0788b36dab26d7ddf0b08fae01a783db92ce18bc7,2025-01-03T23:15:08.437000 CVE-2024-55897,0,0,86f551f0669482615238eeaffb68bcc56791f5e1b9341f9faf1df69a0f9917a0,2025-01-03T23:15:08.573000 CVE-2024-5590,0,0,149ce733adb815f37cfb949017cf2104a0546c788a7c477d5e3007938805c8d5,2025-02-07T15:10:57.540000 +CVE-2024-55904,1,1,670a5b92580670024d95fafa42302e04efe1a78ea620e4f4abee465e697fd2e0,2025-02-14T04:15:08.753000 CVE-2024-5591,0,0,5b452d13d5bfa9a2af82af55a6427cebed5363226c02cb0163eff6e664b73ee7,2025-01-03T15:15:10.813000 CVE-2024-55916,0,0,bb2f39fb2dbe90e6c07ae14f8caf688273b3c9276641493fe6ca8dc8b8b6b9eb,2025-01-16T15:18:39.293000 CVE-2024-55917,0,0,c12e2bbc393b15d20fbce1ec995c8d1d26abb7f3ae27ddc186e402fd7d620706,2024-12-31T17:15:09.140000 
@@ -274770,7 +274772,7 @@ CVE-2024-57722,0,0,cc12b04f9055359b9f59d1fb9351a1dc5f896d626ba1ab2353434d622e66c CVE-2024-57723,0,0,8dfe124ae30760a599d5a92653aea7bf25ab7fabdd29029a0d6962e3146e832c,2025-01-23T15:15:12.820000 CVE-2024-57724,0,0,80b6486449089b1abee894f99cbdee8ef8e8a7c83dc4631c3181139e769eeda6,2025-01-23T15:15:13.020000 CVE-2024-57726,0,0,b06228a1f549336c575c9af51a5eec97f13915f9b87b92d879c22e35b9610a8c,2025-01-31T21:15:11.857000 -CVE-2024-57727,0,1,e4677a15ae16ec0ebae3eb2021b05fa3f0029b408f389dd592fbd8ecc2109cf2,2025-02-14T02:00:02.377000 +CVE-2024-57727,0,0,e4677a15ae16ec0ebae3eb2021b05fa3f0029b408f389dd592fbd8ecc2109cf2,2025-02-14T02:00:02.377000 CVE-2024-57728,0,0,300d732277cb2b6af20193b0ebd36f609253f83cb041dd620ac6c99126042718,2025-01-31T21:15:12.330000 CVE-2024-5773,0,0,15a736279ac22d2a5aab58883295235d88937fdbb3553ef9d4950d320c24ea27,2025-01-29T17:38:34.290000 CVE-2024-5774,0,0,182237f03fac5ad01b6cf92f6ccc93f0d61ab5b7fb7feda9e18228a971243a2a,2024-11-21T09:48:19.287000 @@ -279087,6 +279089,7 @@ CVE-2025-1028,0,0,e6b466122e3fc2d0ee27df4e2f7cd7a187e72415f42ddc27a98c68b86b7822 CVE-2025-1042,0,0,727597b2df8c6e5925af064d1c047222ac7870d4fb0653bc96def494163afd0b,2025-02-12T15:15:16.230000 CVE-2025-1044,0,0,f2d901015fc0e6049437a84a32809b8c4712e1d9cd344db9b24ed666ed368479,2025-02-11T20:15:35.913000 CVE-2025-1052,0,0,2558dc5aa326f4b5ba9a0b42415250f88c10a360fd02b001eec15ae5cce74dea,2025-02-11T20:15:36.070000 +CVE-2025-1053,1,1,029ef95d4ca404a127f35d558b999def9d0d35c7fe97a6a586ce48f5dbe97960,2025-02-14T04:15:08.903000 CVE-2025-1058,0,0,68758fb3a7edcb4555679953ceea098802b07f6f694869dafe8f70b9e50ad23b,2025-02-13T06:15:21.480000 CVE-2025-1059,0,0,f04f4e4845d9d9b34b7552b5f3678626ad00807a01ed09615ed24204eba0ec4d,2025-02-13T06:15:21.680000 CVE-2025-1060,0,0,65f5a7e67223a9c734992ce3a8f5501f5cc1436daa7785c3e5772dccca05e33c,2025-02-13T06:15:22.213000 
@@ -281289,6 +281292,7 @@ CVE-2025-26493,0,0,1099023a6dd0784f561a6e33a794f1b6b69f51c22042510a0826814d283df CVE-2025-26494,0,0,fbc26c80357160dc793881bb81bca8973032cb78045f64dc3903e7fb3d3f359e,2025-02-11T18:15:47.060000 CVE-2025-26495,0,0,0731ad2cc6d733334de4696008327b6e5ee6279ed8bc678e0a689b6be160a2fa,2025-02-11T18:15:47.237000 CVE-2025-26511,0,0,f60d5b8ed6462b3636b1bec6d86421fa2447443d87dddccbff41a72a635be633,2025-02-14T00:15:07.667000 +CVE-2025-26519,1,1,90c5229d2339d524d33b2707fd9962bc23a7008488910f54bd2629286aab7f08,2025-02-14T04:15:09.050000 CVE-2025-26520,0,0,b83a456ccd02c927137ed430a7b7666fceb0cc753b6c14f6ee5654a1a893266c,2025-02-12T07:15:08.617000 CVE-2025-26538,0,0,9ea4ca612e90cce9189b8bae07fa04997f24224417b26ca364e9d1ce2abc0564,2025-02-13T14:16:19.100000 CVE-2025-26539,0,0,9e24ab5af3835adb18f91dd2d1f793e969f13bc3aa31bd06f752764eeee8db3e,2025-02-13T14:16:19.383000