Auto-Update: 2025-04-21T12:00:22.260401+00:00

2025-05-08 19:47:09 +00:00 · 2025-04-21 12:04:16 +00:00 · 2025-04-21 12:04:16 +00:00 · 3c563bbe22
commit 3c563bbe22
parent c9116cd258
6 changed files with 257 additions and 9 deletions
--- a/CVE-2024/CVE-2024-384xx/CVE-2024-38428.json
+++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38428.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-38428",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-06-16T03:15:08.430",
-  "lastModified": "2024-11-21T09:25:48.560",
+  "lastModified": "2025-04-21T10:15:14.207",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -124,6 +124,10 @@
        "Patch"
      ]
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00029.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
--- a/CVE-2025/CVE-2025-38xx/CVE-2025-3837.json
+++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3837.json
@ -0,0 +1,78 @@
 {
  "id": "CVE-2025-3837",
  "sourceIdentifier": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
  "published": "2025-04-21T10:15:15.207",
  "lastModified": "2025-04-21T10:15:15.207",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the customer internal network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. Under certain circumstances, an actor can manipulate a specific request parameter and inject code execution payload which could lead to a remote code execution on the infrastructure hosting this component."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "attackVector": "ADJACENT",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "subAvailabilityImpact": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://saviynt.com/trust-compliance-security",
      "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093"
    }
  ]
 }
--- a/CVE-2025/CVE-2025-38xx/CVE-2025-3838.json
+++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3838.json
@ -0,0 +1,82 @@
 {
  "id": "CVE-2025-3838",
  "sourceIdentifier": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
  "published": "2025-04-21T10:15:15.493",
  "lastModified": "2025-04-21T10:15:15.493",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed credentials of the installer. This EOL component was deprecated in September 2023 with end of support extended till January 2024."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "attackVector": "ADJACENT",
          "attackComplexity": "HIGH",
          "attackRequirements": "PRESENT",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "subAvailabilityImpact": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        },
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://saviynt.com/trust-compliance-security",
      "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093"
    }
  ]
 }
--- a/CVE-2025/CVE-2025-38xx/CVE-2025-3840.json
+++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3840.json
@ -0,0 +1,78 @@
 {
  "id": "CVE-2025-3840",
  "sourceIdentifier": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
  "published": "2025-04-21T10:15:15.643",
  "lastModified": "2025-04-21T10:15:15.643",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An actor can manipulate the action parameter of the login form to inject malicious scripts which would lead to a XSS attack under certain conditions."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 2.1,
          "baseSeverity": "LOW",
          "attackVector": "ADJACENT",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "privilegesRequired": "NONE",
          "userInteraction": "PASSIVE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "subAvailabilityImpact": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://saviynt.com/trust-compliance-security",
      "source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2025-04-21T10:00:20.190056+00:00
+2025-04-21T12:00:22.260401+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2025-04-21T08:15:29.603000+00:00
+2025-04-21T10:15:15.643000+00:00
 ```
 ### Last Data Feed Release
@ -33,20 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-290957
+290960
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `1`
+Recently added CVEs: `3`
- [CVE-2025-25228](CVE-2025/CVE-2025-252xx/CVE-2025-25228.json) (`2025-04-21T08:15:29.603`)
+- [CVE-2025-3837](CVE-2025/CVE-2025-38xx/CVE-2025-3837.json) (`2025-04-21T10:15:15.207`)
 - [CVE-2025-3838](CVE-2025/CVE-2025-38xx/CVE-2025-3838.json) (`2025-04-21T10:15:15.493`)
 - [CVE-2025-3840](CVE-2025/CVE-2025-38xx/CVE-2025-3840.json) (`2025-04-21T10:15:15.643`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 - [CVE-2024-38428](CVE-2024/CVE-2024-384xx/CVE-2024-38428.json) (`2025-04-21T10:15:14.207`)
 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -263446,7 +263446,7 @@ CVE-2024-38424,0,0,b20bddb1e41e4ece23219feec728eb8910763624d1ea2621b5bde813700fd
 CVE-2024-38425,0,0,e32a925c31eb52f678b53ceda419af6344b1d99e71a719366ec4341ee3e4c249,2024-10-16T17:34:41.633000
 CVE-2024-38426,0,0,e896f072a48f5d2b654c4af89d02d2bbd31696f39a3689df3161861ab631426d,2025-03-06T15:21:46.720000
 CVE-2024-38427,0,0,e03f18230b0965ff85c2447bdfa04160304b37189e7d46e85ccfd347184198b3,2024-11-21T09:25:48.097000
-CVE-2024-38428,0,0,ca429ab8620e857c2740a8b8cc185755a533a3afb8ba56ac4468e697f6bb9392,2024-11-21T09:25:48.560000
+CVE-2024-38428,0,1,c72add5c5aae31edb24e640e7e79ad15939c61344032404af547939c2c7019e9,2025-04-21T10:15:14.207000
 CVE-2024-38429,0,0,b538fc48e96d9ea292e38fa094ab837d9c16ca39e46b7d2aa04f5879b36ef5a5,2024-11-21T09:25:48.997000
 CVE-2024-3843,0,0,24522d8c268e04ee96e1eb3267665f0aabade4b40e231c67983061452f1d7b9f,2024-12-19T14:12:42.743000
 CVE-2024-38430,0,0,06391b888b37c32bd396e288f10969027f9a85afbcf753d929198b114655413e,2024-11-21T09:25:49.360000
@ -286435,7 +286435,7 @@ CVE-2025-25224,0,0,a4f44e8389415111624e6d3b431cded203f069a8e58de6c5b5f4eb5c08d09
 CVE-2025-25225,0,0,50e1db0214d749384eee9692d10836c10107d4550447d640f020938a4553ed14,2025-03-18T17:15:45.920000
 CVE-2025-25226,0,0,c1d011e8e7ba6b6c9f469aa960fb7064e4361a6d4416d3477e347671e561cfd3,2025-04-09T15:16:01.923000
 CVE-2025-25227,0,0,14dde9d48b40850eb1a2d705436b8ead1fc46d2a4e1905b71e2c6de779c3c0c1,2025-04-08T19:15:47.290000
-CVE-2025-25228,1,1,24e6d17c3d068001758d1c7e91dbb9e6d7b8d811fd62b851c24c2a0fc54cfc32,2025-04-21T08:15:29.603000
+CVE-2025-25228,0,0,24e6d17c3d068001758d1c7e91dbb9e6d7b8d811fd62b851c24c2a0fc54cfc32,2025-04-21T08:15:29.603000
 CVE-2025-25230,0,0,eda7bae587038dbe737ac1b58819171e7e8c749a5fc4be7c7065ace452922ddd,2025-04-17T20:21:48.243000
 CVE-2025-25234,0,0,2b419c514ffa3511f89b28f3b386b39aa9cbefcbe4ffcb4b71f0eba868616331,2025-04-17T20:21:48.243000
 CVE-2025-25241,0,0,f70d628c4466ad6abe844cd65a2579f5c9e5af240d0c56eadc1f05ff31a52618,2025-02-18T18:15:34.967000
@ -290776,6 +290776,9 @@ CVE-2025-3827,0,0,2c065676f62a8efc53d1267f1968e879a7688f19a99cac3edee7f01713ad93
 CVE-2025-3828,0,0,21ba1969c15d55d422105012001d55399a9f348f31d9a56752eb6b0b0ebb605e,2025-04-20T16:15:14.057000
 CVE-2025-3829,0,0,d6f820dab60b7926192ca686dc2cdac1d32f1c148d9cb377aa4dc9ca0de2e07c,2025-04-20T16:15:14.230000
 CVE-2025-3830,0,0,c349ff4b9a002c0025c459962a7618a1bb39129fae2021ecbde6472ecb914ca4,2025-04-20T17:15:44.950000
 CVE-2025-3837,1,1,d831149847ab5f27a9375862c78699b619d4662a9416ca4b62d7a495184b82b3,2025-04-21T10:15:15.207000
 CVE-2025-3838,1,1,ad1a4a6363f9dfcfb15fa35db50d698a50859d472a3e883adce524454ceae21e,2025-04-21T10:15:15.493000
 CVE-2025-3840,1,1,bd47c4daac9691b4d4c2bb717463516cfe5f56f84d03f6467084f2d79d1495bb,2025-04-21T10:15:15.643000
 CVE-2025-38479,0,0,b2b6ea65e240d4ffeed782b9d037d3b3cf1f0ae1e3ce4a6e40a815527e135169,2025-04-18T07:15:43.613000
 CVE-2025-38575,0,0,fc45fd45a431f685538b4001e1e87131d23faf0a16a9209a56843479513a7e70,2025-04-18T07:15:43.717000
 CVE-2025-38637,0,0,994255e82cd74ce8666ff4c2bb27a6e5073245f15905958a121473a3bd555340,2025-04-18T07:15:43.823000