From 3c563bbe2221ab0e6b215987bc0564d94fb5ea09 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 21 Apr 2025 12:04:16 +0000 Subject: [PATCH] Auto-Update: 2025-04-21T12:00:22.260401+00:00 --- CVE-2024/CVE-2024-384xx/CVE-2024-38428.json | 6 +- CVE-2025/CVE-2025-38xx/CVE-2025-3837.json | 78 ++++++++++++++++++++ CVE-2025/CVE-2025-38xx/CVE-2025-3838.json | 82 +++++++++++++++++++++ CVE-2025/CVE-2025-38xx/CVE-2025-3840.json | 78 ++++++++++++++++++++ README.md | 15 ++-- _state.csv | 7 +- 6 files changed, 257 insertions(+), 9 deletions(-) create mode 100644 CVE-2025/CVE-2025-38xx/CVE-2025-3837.json create mode 100644 CVE-2025/CVE-2025-38xx/CVE-2025-3838.json create mode 100644 CVE-2025/CVE-2025-38xx/CVE-2025-3840.json diff --git a/CVE-2024/CVE-2024-384xx/CVE-2024-38428.json b/CVE-2024/CVE-2024-384xx/CVE-2024-38428.json index de9b0cbbbb5..e2e362ad86d 100644 --- a/CVE-2024/CVE-2024-384xx/CVE-2024-38428.json +++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38428.json @@ -2,7 +2,7 @@ "id": "CVE-2024-38428", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-16T03:15:08.430", - "lastModified": "2024-11-21T09:25:48.560", + "lastModified": "2025-04-21T10:15:14.207", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -124,6 +124,10 @@ "Patch" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00029.html", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, { "url": "https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108", diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3837.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3837.json new file mode 100644 index 00000000000..e5b9c8aee89 --- /dev/null +++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3837.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-3837", + "sourceIdentifier": "bd8dbf88-98d9-42c6-be08-cf8e48a32093", + "published": "2025-04-21T10:15:15.207", + "lastModified": "2025-04-21T10:15:15.207", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the customer internal network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. Under certain circumstances, an actor can manipulate a specific request parameter and inject code execution payload which could lead to a remote code execution on the infrastructure hosting this component." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": 
"NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://saviynt.com/trust-compliance-security", + "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3838.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3838.json new file mode 100644 index 00000000000..7e1c9940404 --- /dev/null +++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3838.json 
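Review bot: The `descriptions` text of the new CVE-2025-3837 record says the flaw 'could lead to a remote code execution on the infrastructure hosting this component', yet the only metric in the hunk is a `Secondary` CVSS 4.0 vector with `AV:A` and `VC:L/VI:L`, scored `baseScore` 6.1 / `MEDIUM`, so a consumer that ranks purely on `baseScore` will probably place it lower than the description implies. The CVE-2025-3838 hunk shows the same mismatch: it describes unauthorized access to a 'local db containing weakly hashed credentials' but is scored `VC:L` with `VA:H`. Both records, and CVE-2025-3840, are `vulnStatus` `Received`, cite a single reference that looks like a general vendor trust page rather than an advisory, and describe an end-of-life component. Downstream triage should therefore treat the score as provisional and presumably plan on retiring the component rather than waiting for a fix. The mirrored JSON should stay as the feed published it, since any correction to the vector belongs upstream with the source that assigned it.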
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-3838", + "sourceIdentifier": "bd8dbf88-98d9-42c6-be08-cf8e48a32093", + "published": "2025-04-21T10:15:15.493", + "lastModified": "2025-04-21T10:15:15.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed credentials of the installer. This EOL component was deprecated in September 2023 with end of support extended till January 2024." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + 
"modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + }, + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://saviynt.com/trust-compliance-security", + "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3840.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3840.json new file mode 100644 index 00000000000..677b2af38c8 --- /dev/null +++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3840.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-3840", + "sourceIdentifier": "bd8dbf88-98d9-42c6-be08-cf8e48a32093", + "published": "2025-04-21T10:15:15.643", + "lastModified": "2025-04-21T10:15:15.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An actor can manipulate the action parameter of the login form to inject malicious scripts which would lead to a XSS attack under certain conditions." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 2.1, + "baseSeverity": "LOW", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": 
"NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://saviynt.com/trust-compliance-security", + "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 949d5f134ef..763fd092145 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-21T10:00:20.190056+00:00 +2025-04-21T12:00:22.260401+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-21T08:15:29.603000+00:00 +2025-04-21T10:15:15.643000+00:00 ``` ### Last Data Feed Release 
@@ -33,20 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -290957 +290960 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -- [CVE-2025-25228](CVE-2025/CVE-2025-252xx/CVE-2025-25228.json) (`2025-04-21T08:15:29.603`) +- [CVE-2025-3837](CVE-2025/CVE-2025-38xx/CVE-2025-3837.json) (`2025-04-21T10:15:15.207`) +- [CVE-2025-3838](CVE-2025/CVE-2025-38xx/CVE-2025-3838.json) (`2025-04-21T10:15:15.493`) +- [CVE-2025-3840](CVE-2025/CVE-2025-38xx/CVE-2025-3840.json) (`2025-04-21T10:15:15.643`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-38428](CVE-2024/CVE-2024-384xx/CVE-2024-38428.json) (`2025-04-21T10:15:14.207`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 0d0b79e702f..ca75ed0d57d 100644 --- a/_state.csv +++ b/_state.csv @@ -263446,7 +263446,7 @@ CVE-2024-38424,0,0,b20bddb1e41e4ece23219feec728eb8910763624d1ea2621b5bde813700fd CVE-2024-38425,0,0,e32a925c31eb52f678b53ceda419af6344b1d99e71a719366ec4341ee3e4c249,2024-10-16T17:34:41.633000 CVE-2024-38426,0,0,e896f072a48f5d2b654c4af89d02d2bbd31696f39a3689df3161861ab631426d,2025-03-06T15:21:46.720000 CVE-2024-38427,0,0,e03f18230b0965ff85c2447bdfa04160304b37189e7d46e85ccfd347184198b3,2024-11-21T09:25:48.097000 -CVE-2024-38428,0,0,ca429ab8620e857c2740a8b8cc185755a533a3afb8ba56ac4468e697f6bb9392,2024-11-21T09:25:48.560000 +CVE-2024-38428,0,1,c72add5c5aae31edb24e640e7e79ad15939c61344032404af547939c2c7019e9,2025-04-21T10:15:14.207000 CVE-2024-38429,0,0,b538fc48e96d9ea292e38fa094ab837d9c16ca39e46b7d2aa04f5879b36ef5a5,2024-11-21T09:25:48.997000 CVE-2024-3843,0,0,24522d8c268e04ee96e1eb3267665f0aabade4b40e231c67983061452f1d7b9f,2024-12-19T14:12:42.743000 CVE-2024-38430,0,0,06391b888b37c32bd396e288f10969027f9a85afbcf753d929198b114655413e,2024-11-21T09:25:49.360000 
@@ -286435,7 +286435,7 @@ CVE-2025-25224,0,0,a4f44e8389415111624e6d3b431cded203f069a8e58de6c5b5f4eb5c08d09 CVE-2025-25225,0,0,50e1db0214d749384eee9692d10836c10107d4550447d640f020938a4553ed14,2025-03-18T17:15:45.920000 CVE-2025-25226,0,0,c1d011e8e7ba6b6c9f469aa960fb7064e4361a6d4416d3477e347671e561cfd3,2025-04-09T15:16:01.923000 CVE-2025-25227,0,0,14dde9d48b40850eb1a2d705436b8ead1fc46d2a4e1905b71e2c6de779c3c0c1,2025-04-08T19:15:47.290000 -CVE-2025-25228,1,1,24e6d17c3d068001758d1c7e91dbb9e6d7b8d811fd62b851c24c2a0fc54cfc32,2025-04-21T08:15:29.603000 +CVE-2025-25228,0,0,24e6d17c3d068001758d1c7e91dbb9e6d7b8d811fd62b851c24c2a0fc54cfc32,2025-04-21T08:15:29.603000 CVE-2025-25230,0,0,eda7bae587038dbe737ac1b58819171e7e8c749a5fc4be7c7065ace452922ddd,2025-04-17T20:21:48.243000 CVE-2025-25234,0,0,2b419c514ffa3511f89b28f3b386b39aa9cbefcbe4ffcb4b71f0eba868616331,2025-04-17T20:21:48.243000 CVE-2025-25241,0,0,f70d628c4466ad6abe844cd65a2579f5c9e5af240d0c56eadc1f05ff31a52618,2025-02-18T18:15:34.967000 
@@ -290776,6 +290776,9 @@ CVE-2025-3827,0,0,2c065676f62a8efc53d1267f1968e879a7688f19a99cac3edee7f01713ad93 CVE-2025-3828,0,0,21ba1969c15d55d422105012001d55399a9f348f31d9a56752eb6b0b0ebb605e,2025-04-20T16:15:14.057000 CVE-2025-3829,0,0,d6f820dab60b7926192ca686dc2cdac1d32f1c148d9cb377aa4dc9ca0de2e07c,2025-04-20T16:15:14.230000 CVE-2025-3830,0,0,c349ff4b9a002c0025c459962a7618a1bb39129fae2021ecbde6472ecb914ca4,2025-04-20T17:15:44.950000 +CVE-2025-3837,1,1,d831149847ab5f27a9375862c78699b619d4662a9416ca4b62d7a495184b82b3,2025-04-21T10:15:15.207000 +CVE-2025-3838,1,1,ad1a4a6363f9dfcfb15fa35db50d698a50859d472a3e883adce524454ceae21e,2025-04-21T10:15:15.493000 +CVE-2025-3840,1,1,bd47c4daac9691b4d4c2bb717463516cfe5f56f84d03f6467084f2d79d1495bb,2025-04-21T10:15:15.643000 CVE-2025-38479,0,0,b2b6ea65e240d4ffeed782b9d037d3b3cf1f0ae1e3ce4a6e40a815527e135169,2025-04-18T07:15:43.613000 CVE-2025-38575,0,0,fc45fd45a431f685538b4001e1e87131d23faf0a16a9209a56843479513a7e70,2025-04-18T07:15:43.717000 CVE-2025-38637,0,0,994255e82cd74ce8666ff4c2bb27a6e5073245f15905958a121473a3bd555340,2025-04-18T07:15:43.823000