Auto-Update: 2025-04-21T12:00:22.260401+00:00

cad-safe-bot 2025-04-21 12:04:16 +00:00
parent c9116cd258
commit 3c563bbe22
6 changed files with 257 additions and 9 deletions


@ -2,7 +2,7 @@
"id": "CVE-2024-38428",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-16T03:15:08.430",
"lastModified": "2024-11-21T09:25:48.560",
"lastModified": "2025-04-21T10:15:14.207",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -124,6 +124,10 @@
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00029.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",


@ -0,0 +1,78 @@
{
"id": "CVE-2025-3837",
"sourceIdentifier": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
"published": "2025-04-21T10:15:15.207",
"lastModified": "2025-04-21T10:15:15.207",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the customer internal network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. Under certain circumstances, an actor can manipulate a specific request parameter and inject code execution payload which could lead to a remote code execution on the infrastructure hosting this component."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://saviynt.com/trust-compliance-security",
"source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-3838",
"sourceIdentifier": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
"published": "2025-04-21T10:15:15.493",
"lastModified": "2025-04-21T10:15:15.493",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed credentials of the installer. This EOL component was deprecated in September 2023 with end of support extended till January 2024."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-327"
},
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://saviynt.com/trust-compliance-security",
"source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093"
}
]
}


@ -0,0 +1,78 @@
{
"id": "CVE-2025-3840",
"sourceIdentifier": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
"published": "2025-04-21T10:15:15.643",
"lastModified": "2025-04-21T10:15:15.643",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An actor can manipulate the action parameter of the login form to inject malicious scripts which would lead to a XSS attack under certain conditions."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 2.1,
"baseSeverity": "LOW",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://saviynt.com/trust-compliance-security",
"source": "bd8dbf88-98d9-42c6-be08-cf8e48a32093"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-04-21T10:00:20.190056+00:00
2025-04-21T12:00:22.260401+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-04-21T08:15:29.603000+00:00
2025-04-21T10:15:15.643000+00:00
```
### Last Data Feed Release
@ -33,20 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
290957
290960
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `3`
- [CVE-2025-25228](CVE-2025/CVE-2025-252xx/CVE-2025-25228.json) (`2025-04-21T08:15:29.603`)
- [CVE-2025-3837](CVE-2025/CVE-2025-38xx/CVE-2025-3837.json) (`2025-04-21T10:15:15.207`)
- [CVE-2025-3838](CVE-2025/CVE-2025-38xx/CVE-2025-3838.json) (`2025-04-21T10:15:15.493`)
- [CVE-2025-3840](CVE-2025/CVE-2025-38xx/CVE-2025-3840.json) (`2025-04-21T10:15:15.643`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2024-38428](CVE-2024/CVE-2024-384xx/CVE-2024-38428.json) (`2025-04-21T10:15:14.207`)
## Download and Usage


@ -263446,7 +263446,7 @@ CVE-2024-38424,0,0,b20bddb1e41e4ece23219feec728eb8910763624d1ea2621b5bde813700fd
CVE-2024-38425,0,0,e32a925c31eb52f678b53ceda419af6344b1d99e71a719366ec4341ee3e4c249,2024-10-16T17:34:41.633000
CVE-2024-38426,0,0,e896f072a48f5d2b654c4af89d02d2bbd31696f39a3689df3161861ab631426d,2025-03-06T15:21:46.720000
CVE-2024-38427,0,0,e03f18230b0965ff85c2447bdfa04160304b37189e7d46e85ccfd347184198b3,2024-11-21T09:25:48.097000
CVE-2024-38428,0,0,ca429ab8620e857c2740a8b8cc185755a533a3afb8ba56ac4468e697f6bb9392,2024-11-21T09:25:48.560000
CVE-2024-38428,0,1,c72add5c5aae31edb24e640e7e79ad15939c61344032404af547939c2c7019e9,2025-04-21T10:15:14.207000
CVE-2024-38429,0,0,b538fc48e96d9ea292e38fa094ab837d9c16ca39e46b7d2aa04f5879b36ef5a5,2024-11-21T09:25:48.997000
CVE-2024-3843,0,0,24522d8c268e04ee96e1eb3267665f0aabade4b40e231c67983061452f1d7b9f,2024-12-19T14:12:42.743000
CVE-2024-38430,0,0,06391b888b37c32bd396e288f10969027f9a85afbcf753d929198b114655413e,2024-11-21T09:25:49.360000
@ -286435,7 +286435,7 @@ CVE-2025-25224,0,0,a4f44e8389415111624e6d3b431cded203f069a8e58de6c5b5f4eb5c08d09
CVE-2025-25225,0,0,50e1db0214d749384eee9692d10836c10107d4550447d640f020938a4553ed14,2025-03-18T17:15:45.920000
CVE-2025-25226,0,0,c1d011e8e7ba6b6c9f469aa960fb7064e4361a6d4416d3477e347671e561cfd3,2025-04-09T15:16:01.923000
CVE-2025-25227,0,0,14dde9d48b40850eb1a2d705436b8ead1fc46d2a4e1905b71e2c6de779c3c0c1,2025-04-08T19:15:47.290000
CVE-2025-25228,1,1,24e6d17c3d068001758d1c7e91dbb9e6d7b8d811fd62b851c24c2a0fc54cfc32,2025-04-21T08:15:29.603000
CVE-2025-25228,0,0,24e6d17c3d068001758d1c7e91dbb9e6d7b8d811fd62b851c24c2a0fc54cfc32,2025-04-21T08:15:29.603000
CVE-2025-25230,0,0,eda7bae587038dbe737ac1b58819171e7e8c749a5fc4be7c7065ace452922ddd,2025-04-17T20:21:48.243000
CVE-2025-25234,0,0,2b419c514ffa3511f89b28f3b386b39aa9cbefcbe4ffcb4b71f0eba868616331,2025-04-17T20:21:48.243000
CVE-2025-25241,0,0,f70d628c4466ad6abe844cd65a2579f5c9e5af240d0c56eadc1f05ff31a52618,2025-02-18T18:15:34.967000
@ -290776,6 +290776,9 @@ CVE-2025-3827,0,0,2c065676f62a8efc53d1267f1968e879a7688f19a99cac3edee7f01713ad93
CVE-2025-3828,0,0,21ba1969c15d55d422105012001d55399a9f348f31d9a56752eb6b0b0ebb605e,2025-04-20T16:15:14.057000
CVE-2025-3829,0,0,d6f820dab60b7926192ca686dc2cdac1d32f1c148d9cb377aa4dc9ca0de2e07c,2025-04-20T16:15:14.230000
CVE-2025-3830,0,0,c349ff4b9a002c0025c459962a7618a1bb39129fae2021ecbde6472ecb914ca4,2025-04-20T17:15:44.950000
CVE-2025-3837,1,1,d831149847ab5f27a9375862c78699b619d4662a9416ca4b62d7a495184b82b3,2025-04-21T10:15:15.207000
CVE-2025-3838,1,1,ad1a4a6363f9dfcfb15fa35db50d698a50859d472a3e883adce524454ceae21e,2025-04-21T10:15:15.493000
CVE-2025-3840,1,1,bd47c4daac9691b4d4c2bb717463516cfe5f56f84d03f6467084f2d79d1495bb,2025-04-21T10:15:15.643000
CVE-2025-38479,0,0,b2b6ea65e240d4ffeed782b9d037d3b3cf1f0ae1e3ce4a6e40a815527e135169,2025-04-18T07:15:43.613000
CVE-2025-38575,0,0,fc45fd45a431f685538b4001e1e87131d23faf0a16a9209a56843479513a7e70,2025-04-18T07:15:43.717000
CVE-2025-38637,0,0,994255e82cd74ce8666ff4c2bb27a6e5073245f15905958a121473a3bd555340,2025-04-18T07:15:43.823000
