Auto-Update: 2025-01-12T23:00:19.003237+00:00

2025-06-19 17:31:42 +00:00 · 2025-01-12 23:03:44 +00:00 · 2025-01-12 23:03:44 +00:00 · 2c85ad87f9
commit 2c85ad87f9
parent 3091012e96
6 changed files with 188 additions and 12 deletions
--- a/CVE-2021/CVE-2021-301xx/CVE-2021-30184.json
+++ b/CVE-2021/CVE-2021-301xx/CVE-2021-30184.json
@ -2,7 +2,7 @@
  "id": "CVE-2021-30184",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-04-07T12:15:16.437",
-  "lastModified": "2024-11-21T06:03:28.687",
+  "lastModified": "2025-01-12T21:15:18.060",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -157,6 +157,10 @@
        "Third Party Advisory"
      ]
    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00007.html",
+      "source": "af854a3a-2127-422b-91ae-364da2661108"
+    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QC74RWMDLSQGV6Z3ZABNTPABB33S4YNF/",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
--- a/CVE-2024/CVE-2024-421xx/CVE-2024-42179.json
+++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42179.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-42179",
+  "sourceIdentifier": "psirt@hcl.com",
+  "published": "2025-01-12T22:15:05.923",
+  "lastModified": "2025-01-12T22:15:05.923",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "HCL MyXalytics is affected by sensitive information disclosure vulnerability.  The HTTP response header exposes the Microsoft-HTTP API\u22152.0 as the server's name & version."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@hcl.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
+          "baseScore": 2.0,
+          "baseSeverity": "LOW",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 0.5,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@hcl.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149",
+      "source": "psirt@hcl.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-421xx/CVE-2024-42180.json
+++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42180.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-42180",
+  "sourceIdentifier": "psirt@hcl.com",
+  "published": "2025-01-12T22:15:06.983",
+  "lastModified": "2025-01-12T22:15:06.983",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "HCL MyXalytics is affected by a malicious file upload vulnerability.  The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@hcl.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
+          "baseScore": 1.6,
+          "baseSeverity": "LOW",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 0.1,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@hcl.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149",
+      "source": "psirt@hcl.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-421xx/CVE-2024-42181.json
+++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42181.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-42181",
+  "sourceIdentifier": "psirt@hcl.com",
+  "published": "2025-01-12T22:15:07.120",
+  "lastModified": "2025-01-12T22:15:07.120",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability.  The application transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@hcl.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
+          "baseScore": 1.6,
+          "baseSeverity": "LOW",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 0.2,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@hcl.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-319"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149",
+      "source": "psirt@hcl.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-01-12T15:00:19.916223+00:00
+2025-01-12T23:00:19.003237+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-01-12T14:15:08.993000+00:00
+2025-01-12T22:15:07.120000+00:00
 ```

 ### Last Data Feed Release
@ -33,22 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-276804
+276807
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `3`

- [CVE-2024-51456](CVE-2024/CVE-2024-514xx/CVE-2024-51456.json) (`2025-01-12T14:15:06.550`)
- [CVE-2025-0397](CVE-2025/CVE-2025-03xx/CVE-2025-0397.json) (`2025-01-12T13:15:07.333`)
- [CVE-2025-0398](CVE-2025/CVE-2025-03xx/CVE-2025-0398.json) (`2025-01-12T14:15:08.993`)
+- [CVE-2024-42179](CVE-2024/CVE-2024-421xx/CVE-2024-42179.json) (`2025-01-12T22:15:05.923`)
+- [CVE-2024-42180](CVE-2024/CVE-2024-421xx/CVE-2024-42180.json) (`2025-01-12T22:15:06.983`)
+- [CVE-2024-42181](CVE-2024/CVE-2024-421xx/CVE-2024-42181.json) (`2025-01-12T22:15:07.120`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+- [CVE-2021-30184](CVE-2021/CVE-2021-301xx/CVE-2021-30184.json) (`2025-01-12T21:15:18.060`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -174634,7 +174634,7 @@ CVE-2021-3018,0,0,16a69cd64423ff75efb63619f9a5bc638521e6df58a32ead2cc5567610cebc
 CVE-2021-30180,0,0,7cf81cc599fadc0c20fdd3a5abc81cda7123eb332cd47eb8bd17bd575ef305a0,2024-11-21T06:03:28.323000
 CVE-2021-30181,0,0,d8fcd3967f52d37d1b1114ecf3da35baf14a6e2fb74e758e7addad33d08f57c9,2024-11-21T06:03:28.430000
 CVE-2021-30183,0,0,7ea7e0d54eb37f228d38c6f0b4325b1256e6a54168f67cbaa007aff05965ee09,2024-11-21T06:03:28.540000
-CVE-2021-30184,0,0,71d3ab8457464b283bb5370c2606a2d37d3a274eb8606c628e5b987cf82f86e4,2024-11-21T06:03:28.687000
+CVE-2021-30184,0,1,3a205c0ba3164533a6ea5ecf3ccc8d5c345bb0e2e1aafc13c7d67dce042245b1,2025-01-12T21:15:18.060000
 CVE-2021-30185,0,0,33671a84071bb74ff145adf9921b67106974918df0329b277aa949cbf63e8964,2024-11-21T06:03:28.857000
 CVE-2021-30186,0,0,ffee1b429d0d16421a8a6ba6e83418690d13d62feac75cf1a5c802ffb35f3fa5,2024-11-21T06:03:29.010000
 CVE-2021-30187,0,0,1c6cb8aa67bc4cfcd92846829bb73641f6e508da16ea87e5a428cc6cd657b31a,2024-11-21T06:03:29.160000
@ -263227,7 +263227,10 @@ CVE-2024-42172,0,0,225fcad75eabc6687a4f18f7362b2adb3c25abd093cdc9d59c7996b0d4e7c
 CVE-2024-42173,0,0,44f315b59e5db8539983c783dcc88b531da6958c918975bbf10efa6c538c20d2,2025-01-11T07:15:08.927000
 CVE-2024-42174,0,0,3f28820a9bd8cf8cf9d334457ab9a1a64b4e8c40d794a897f768f73624ecc250,2025-01-11T07:15:09.110000
 CVE-2024-42175,0,0,15ace39e893c1bff8b7e16e522cde4b95b5af743307f180322bb8a85d03c4238,2025-01-11T08:15:26.343000
+CVE-2024-42179,1,1,5e44a06faf5de646efa63bdd22e13e75061d112a56d64113167a2850a68fdec4,2025-01-12T22:15:05.923000
 CVE-2024-4218,0,0,7a0061e75f27495a7259e5a50ce11715685411290c6b771dfa8c54d8a57b046e,2024-11-21T09:42:24.667000
+CVE-2024-42180,1,1,b8981c5f4c283ce4938fb12f4fb994e8d974d1368c48899ad7966d2aeeeb05af,2025-01-12T22:15:06.983000
+CVE-2024-42181,1,1,e7ae476db729412a07da99fe69c05026658c00a62acd974cd71c0fba47129e81,2025-01-12T22:15:07.120000
 CVE-2024-42188,0,0,a8278cfe50e3ca68bde755bed653483d11589c1acd3e94c1e7362476b4ce136e,2024-11-15T13:58:08.913000
 CVE-2024-4219,0,0,cd28361343cc861bde40c0bbbee1aabb101ed013946c5589d3ba0dabbead402f,2024-11-21T09:42:24.783000
 CVE-2024-42194,0,0,af3a202d05f65dc11d1d1e7b62226f11c65e5914cb08b7ffa3083b3f3386e580,2024-12-17T18:15:23.590000
@ -269581,7 +269584,7 @@ CVE-2024-51434,0,0,fd0f2e493c6557b3a7b75698795afa3b125b8838b7989d6283ab019561701
 CVE-2024-5144,0,0,6bbfaf13c1764c4fefc00893d80de8b864d8af9b05653210d129c904ab48e8ed,2024-05-31T18:15:13.217000
 CVE-2024-51442,0,0,663939a871d0d38a9b2a62d30b7d5c04a240d1619da5f372debf5ffd926c43c7,2025-01-08T20:15:28.137000
 CVE-2024-5145,0,0,1ce6a725d120216d833ed23f25099d9f4810ecb9d4c63ffcf11012cbf68534d1,2024-11-21T09:47:03.920000
-CVE-2024-51456,1,1,3c61638caa50a72d686c2513f141dc47a94982f4575920b49a722ee25ad1568a,2025-01-12T14:15:06.550000
+CVE-2024-51456,0,0,3c61638caa50a72d686c2513f141dc47a94982f4575920b49a722ee25ad1568a,2025-01-12T14:15:06.550000
 CVE-2024-51460,0,0,0d1d0884deead80ce10e102d7fe3745fd378c1bb1816cc36f4177c2f9263fd37,2024-12-11T13:15:06.510000
 CVE-2024-51463,0,0,c0364c05afe1e0b2d0890e7f96c1b512b7afe4d3c2862d4a930e0585099ce1e6,2024-12-21T14:15:21.453000
 CVE-2024-51464,0,0,1b2031370218977af474f39ea7b9c6eb15448100f9427860fc8d10cdd981ce8b,2024-12-31T07:15:11.307000
@ -276556,8 +276559,8 @@ CVE-2025-0390,0,0,e8680a8850f5f93c327358a0bafb5800686853499fcfad6c845505a58dd625
 CVE-2025-0391,0,0,92a57f196719fdf887816695b3a83526079e0969236a36b3dfc45b775c9f93d0,2025-01-11T09:15:05.937000
 CVE-2025-0392,0,0,aa9606366d99278451746d2e901d7f278b325bf8d4482ec56713b1565fb0cf2e,2025-01-11T11:15:06.657000
 CVE-2025-0396,0,0,40cf499d3af0887461cef0ee82c838ac2a8e455615e0ec1716aab5bb9b6cf389,2025-01-12T12:15:17.963000
-CVE-2025-0397,1,1,3df48a7f37b6ddd991a6e6b1d0d3d26e3ecb37c3bfeb145a466570cacbe4e525,2025-01-12T13:15:07.333000
-CVE-2025-0398,1,1,afd394c257e601522591072049c131282d9fd441fccfb2024d6a2bacf7579a14,2025-01-12T14:15:08.993000
+CVE-2025-0397,0,0,3df48a7f37b6ddd991a6e6b1d0d3d26e3ecb37c3bfeb145a466570cacbe4e525,2025-01-12T13:15:07.333000
+CVE-2025-0398,0,0,afd394c257e601522591072049c131282d9fd441fccfb2024d6a2bacf7579a14,2025-01-12T14:15:08.993000
 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000
 CVE-2025-20123,0,0,54512af23f890abd1fef44213c66523a0b62c1420699fcab5bda08e37f5f4455,2025-01-08T16:15:38.150000
 CVE-2025-20126,0,0,0fcc9383f8a59c5e0d551ae3c2ee7933f9c74701d79731c282030a0992412e7d,2025-01-08T19:15:38.553000