From 3b981c32f067a3b5a4d6a47992438aa87ea1f8bd Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 5 Jul 2025 06:03:47 +0000
Subject: [PATCH] Auto-Update: 2025-07-05T06:00:11.004975+00:00
---
 CVE-2023/CVE-2023-507xx/CVE-2023-50786.json | 64 +++++++++++++++++++++
 CVE-2024/CVE-2024-582xx/CVE-2024-58254.json | 58 ++-----------------
 README.md | 15 +++--
 _state.csv | 7 ++-
 4 files changed, 80 insertions(+), 64 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-507xx/CVE-2023-50786.json
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50786.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50786.json
new file mode 100644
index 00000000000..efe10c92dbd
--- /dev/null
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50786.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2023-50786",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-07-05T04:15:24.373",
+ "lastModified": "2025-07-05T04:15:24.373",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-294"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://dradis.com/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://dradis.com/ce",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-582xx/CVE-2024-58254.json b/CVE-2024/CVE-2024-582xx/CVE-2024-58254.json
index d6b8e13d246..8f63f821f27 100644
--- a/CVE-2024/CVE-2024-582xx/CVE-2024-58254.json
+++ b/CVE-2024/CVE-2024-582xx/CVE-2024-58254.json
@@ -2,63 +2,15 @@
 "id": "CVE-2024-58254",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-07-05T02:15:21.127",
- "lastModified": "2025-07-05T02:15:21.127",
- "vulnStatus": "Received",
+ "lastModified": "2025-07-05T04:15:27.053",
+ "vulnStatus": "Rejected",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "The rustls crate 0.23.13 before 0.23.18 for Rust, when rustls::server::Acceptor::accept is used, allows a panic via a fragmented TLS ClientHello."
+ "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-11738. Reason: This candidate is a duplicate of CVE-2024-11738. Notes: All CVE users should reference CVE-2024-11738 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "cve@mitre.org",
- "type": "Secondary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
- "baseScore": 5.3,
- "baseSeverity": "MEDIUM",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "availabilityImpact": "LOW"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 1.4
- }
- ]
- },
- "weaknesses": [
- {
- "source": "cve@mitre.org",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-684"
- }
- ]
- }
- ],
- "references": [
- {
- "url": "https://crates.io/crates/rustls",
- "source": "cve@mitre.org"
- },
- {
- "url": "https://github.com/rustls/rustls/issues/2227",
- "source": "cve@mitre.org"
- },
- {
- "url": "https://rustsec.org/advisories/RUSTSEC-2024-0399.html",
- "source": "cve@mitre.org"
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/README.md b/README.md
index 78553cdd318..6082fe0cf26 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-07-05T04:00:11.159045+00:00 +2025-07-05T06:00:11.004975+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-07-05T03:15:30.637000+00:00 +2025-07-05T04:15:27.053000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -300444 +300445 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `1` -- [CVE-2024-58254](CVE-2024/CVE-2024-582xx/CVE-2024-58254.json) (`2025-07-05T02:15:21.127`) -- [CVE-2025-47227](CVE-2025/CVE-2025-472xx/CVE-2025-47227.json) (`2025-07-05T03:15:30.470`) -- [CVE-2025-47228](CVE-2025/CVE-2025-472xx/CVE-2025-47228.json) (`2025-07-05T03:15:30.637`) +- [CVE-2023-50786](CVE-2023/CVE-2023-507xx/CVE-2023-50786.json) (`2025-07-05T04:15:24.373`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-58254](CVE-2024/CVE-2024-582xx/CVE-2024-58254.json) (`2025-07-05T04:15:27.053`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 4709ab7b08f..7232a1a2d1c 100644 --- a/_state.csv +++ b/_state.csv 
@@ -240648,6 +240648,7 @@ CVE-2023-50782,0,0,299729c2ec80e45a64acaf6b330dc08ad4fd39a65f8a06b4332c11a86131e CVE-2023-50783,0,0,1ef78e5a5517555eceafa507821beb8eed1794b210be810f125231af396d7a2d,2024-11-21T08:37:18.497000 CVE-2023-50784,0,0,363a3d3c64d14d1ecf52616ef255522ebf1ecb39143069797ec28afd2fe3be87,2024-11-21T08:37:18.633000 CVE-2023-50785,0,0,04d09dececbdc3b8babc46de7b6d85787f302133d45e1225dfdddd4d21f84650,2024-11-21T08:37:18.780000 +CVE-2023-50786,1,1,6045fe8319333f0f69bc8fe0fd6f7235bb2526caa2b6a99c97e48e2ccc411cda,2025-07-05T04:15:24.373000 CVE-2023-5079,0,0,4d36ea6ee96620d3a4c4792c8036fe077bb40efeb13eab11aaf850251e9ea8d3,2024-11-21T08:41:01.513000 CVE-2023-5080,0,0,02339a01b1b6ff5fdf4d2ffb54b376d5f6ec3116879991b7f4f1d96a4548d024,2024-11-21T08:41:01.643000 CVE-2023-50803,0,0,266d81a4d6d4530ab8237d281ecc5bf2ca4948455b03314c272985e31769da35,2024-11-21T08:37:19.013000 @@ -278891,7 +278892,7 @@ CVE-2024-58250,0,0,0cee348f53514c8f66fdd102bc185afc75a5fff72792af4fd24660f96ce22 CVE-2024-58251,0,0,3d7ad675c8c4ca6bbb888df41dfca6de49cf5c8949b93c3f966477ed760827bf,2025-04-29T13:52:47.470000 CVE-2024-58252,0,0,2a2069468d2daa333bfc730a8a2bb50390b1a419e092aa9769a9c36c719c1e7b,2025-05-09T19:27:43.937000 CVE-2024-58253,0,0,da49c0596ff21f0dcbb928a2ca6fee65885d12875648098fb736cb7c8162f298,2025-05-05T20:54:19.760000 -CVE-2024-58254,1,1,92a77921345bd0bcddf55e41a6c8d9f8debc1eb72e19200ec17b3537e7d21687,2025-07-05T02:15:21.127000 +CVE-2024-58254,0,1,7dea1bbfa39e3b55f0979ac55979939a674f1934d77e1e4a1df4419e1a04c872,2025-07-05T04:15:27.053000 CVE-2024-5826,0,0,676ce5cec2202232492aeb7a31cb471cd0485dd44f0bad4d2271201c9d98c0de,2024-11-21T09:48:24.490000 CVE-2024-5827,0,0,12cdd01c3634b5f2da13128a187bc2d1c8d9fa87429a9aed8ec50812f82df183,2024-11-21T09:48:24.607000 CVE-2024-5828,0,0,73069a2f9dbd005f637a8c432d288f4c861c4d147da919c5c71f3de2432e48cd,2025-01-08T21:25:28.967000 
@@ -297119,8 +297120,8 @@ CVE-2025-47204,0,0,1087581499a2135246bfaa4b4dda36ede5f4134f69e3bfd8a83443409525f CVE-2025-4721,0,0,5b12152a812ee0a8141ca92ad1ce07fe54f58122d1a25434c4f23dc9f9b473ec,2025-05-27T14:13:32.497000 CVE-2025-4722,0,0,7a9f4792d9d2d1bd9669bfc9ead090bdeb53cca7dd5e461fb6c113463a0e9c32,2025-05-27T14:14:15.353000 CVE-2025-47226,0,0,9e9ee9e6a0d1290ebfec3cf4efbf332e325ff8173805761710078650f408fa82,2025-06-03T14:44:17.277000 -CVE-2025-47227,1,1,bb0ff691cd494e74d3519976db44bf1ea47049f396eaa3b68556da2fec7f8adb,2025-07-05T03:15:30.470000 -CVE-2025-47228,1,1,880784ee453c8bb3b790480ff0692e31008a1bc3bdaccd46d617c101650d667b,2025-07-05T03:15:30.637000 +CVE-2025-47227,0,0,bb0ff691cd494e74d3519976db44bf1ea47049f396eaa3b68556da2fec7f8adb,2025-07-05T03:15:30.470000 +CVE-2025-47228,0,0,880784ee453c8bb3b790480ff0692e31008a1bc3bdaccd46d617c101650d667b,2025-07-05T03:15:30.637000 CVE-2025-47229,0,0,ce628b1ca08883508604ad35fbd46640a7a9f93ddbaf98a26f657b9032cc95b5,2025-05-05T20:54:19.760000 CVE-2025-4723,0,0,0415daa35bafd9e63de1b551374da44563d1be8395330dcde3975fc4eef0ad28,2025-05-27T14:14:25.467000 CVE-2025-4724,0,0,22ef6d583945f18353bdb4e3bec008d3a4110d3da2137080faced1b57a1b5a5d,2025-05-27T14:14:38.270000