From 40ffbaac599d20727326768f9a4367f4844a4ffa Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 9 Jan 2025 05:03:43 +0000 Subject: [PATCH] Auto-Update: 2025-01-09T05:00:19.771033+00:00 --- CVE-2024/CVE-2024-132xx/CVE-2024-13200.json | 145 ++++++++++++++++++++ CVE-2024/CVE-2024-132xx/CVE-2024-13201.json | 145 ++++++++++++++++++++ CVE-2024/CVE-2024-132xx/CVE-2024-13202.json | 145 ++++++++++++++++++++ CVE-2024/CVE-2024-132xx/CVE-2024-13203.json | 137 ++++++++++++++++++ CVE-2024/CVE-2024-132xx/CVE-2024-13204.json | 137 ++++++++++++++++++ CVE-2024/CVE-2024-132xx/CVE-2024-13205.json | 141 +++++++++++++++++++ CVE-2024/CVE-2024-132xx/CVE-2024-13206.json | 141 +++++++++++++++++++ CVE-2024/CVE-2024-132xx/CVE-2024-13209.json | 141 +++++++++++++++++++ CVE-2024/CVE-2024-132xx/CVE-2024-13210.json | 145 ++++++++++++++++++++ CVE-2024/CVE-2024-132xx/CVE-2024-13211.json | 145 ++++++++++++++++++++ CVE-2024/CVE-2024-132xx/CVE-2024-13212.json | 145 ++++++++++++++++++++ CVE-2024/CVE-2024-132xx/CVE-2024-13213.json | 145 ++++++++++++++++++++ CVE-2024/CVE-2024-568xx/CVE-2024-56826.json | 68 +++++++++ CVE-2024/CVE-2024-568xx/CVE-2024-56827.json | 68 +++++++++ CVE-2025/CVE-2025-03xx/CVE-2025-0306.json | 60 ++++++++ README.md | 37 ++--- _state.csv | 39 ++++-- 17 files changed, 1955 insertions(+), 29 deletions(-) create mode 100644 CVE-2024/CVE-2024-132xx/CVE-2024-13200.json create mode 100644 CVE-2024/CVE-2024-132xx/CVE-2024-13201.json create mode 100644 CVE-2024/CVE-2024-132xx/CVE-2024-13202.json create mode 100644 CVE-2024/CVE-2024-132xx/CVE-2024-13203.json create mode 100644 CVE-2024/CVE-2024-132xx/CVE-2024-13204.json create mode 100644 CVE-2024/CVE-2024-132xx/CVE-2024-13205.json create mode 100644 CVE-2024/CVE-2024-132xx/CVE-2024-13206.json create mode 100644 CVE-2024/CVE-2024-132xx/CVE-2024-13209.json create mode 100644 CVE-2024/CVE-2024-132xx/CVE-2024-13210.json create mode 100644 CVE-2024/CVE-2024-132xx/CVE-2024-13211.json create mode 100644 CVE-2024/CVE-2024-132xx/CVE-2024-13212.json create mode 100644 CVE-2024/CVE-2024-132xx/CVE-2024-13213.json create mode 100644 CVE-2024/CVE-2024-568xx/CVE-2024-56826.json create mode 100644 CVE-2024/CVE-2024-568xx/CVE-2024-56827.json create mode 100644 CVE-2025/CVE-2025-03xx/CVE-2025-0306.json diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13200.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13200.json new file mode 100644 index 00000000000..138c1d39685 --- /dev/null +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13200.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-13200", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-09T03:15:23.820", + "lastModified": "2025-01-09T03:15:23.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wander-chu/SpringBoot-Blog/issues/4", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/wander-chu/SpringBoot-Blog/issues/4#issue-2761636207", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290793", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290793", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.470902", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13201.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13201.json new file mode 100644 index 00000000000..069566214b6 --- /dev/null +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13201.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-13201", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-09T03:15:24.020", + "lastModified": "2025-01-09T03:15:24.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wander-chu/SpringBoot-Blog/issues/6", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/wander-chu/SpringBoot-Blog/issues/6#issue-2761640788", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290794", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290794", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.470910", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13202.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13202.json new file mode 100644 index 00000000000..6fac8ca5f7c --- /dev/null +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13202.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-13202", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-09T03:15:24.220", + "lastModified": "2025-01-09T03:15:24.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wander-chu/SpringBoot-Blog/issues/7", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/wander-chu/SpringBoot-Blog/issues/7#issue-2761643235", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290795", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290795", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.470914", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13203.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13203.json new file mode 100644 index 00000000000..305b7fbf830 --- /dev/null +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13203.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-13203", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-09T03:15:24.410", + "lastModified": "2025-01-09T03:15:24.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + }, + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.290796", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290796", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html?m=1", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13204.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13204.json new file mode 100644 index 00000000000..dd0b1fc50ea --- /dev/null +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13204.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-13204", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-09T03:15:24.603", + "lastModified": "2025-01-09T03:15:24.603", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /blog-details.php. The manipulation of the argument blog_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.290797", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290797", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html?m=1", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13205.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13205.json new file mode 100644 index 00000000000..199788335e9 --- /dev/null +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13205.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-13205", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-09T03:15:24.800", + "lastModified": "2025-01-09T03:15:24.800", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.290798", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290798", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.471233", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html?m=1", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13206.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13206.json new file mode 100644 index 00000000000..7a9a4338710 --- /dev/null +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13206.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-13206", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-09T04:15:10.990", + "lastModified": "2025-01-09T04:15:10.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 6.8, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/hawkteam404/RnD_Public/blob/main/reve_av_multiple_vuln.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290799", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290799", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.471160", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13209.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13209.json new file mode 100644 index 00000000000..177a1c91cc3 --- /dev/null +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13209.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-13209", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-09T04:15:11.683", + "lastModified": "2025-01-09T04:15:11.683", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://geochen.medium.com/redaxo-cms-5-18-1-cross-site-scripting-7c9a872c72f6", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290814", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290814", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.466396", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13210.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13210.json new file mode 100644 index 00000000000..82c8c4c1e2c --- /dev/null +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13210.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-13210", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-09T04:15:11.890", + "lastModified": "2025-01-09T04:15:11.890", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in donglight bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController. java. The manipulation of the argument pictureFile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/donglight/bookstore/issues/10", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/donglight/bookstore/issues/10#issue-2760923048", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290815", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290815", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.469686", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13211.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13211.json new file mode 100644 index 00000000000..df3abd4cfad --- /dev/null +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13211.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-13211", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-09T04:15:12.077", + "lastModified": "2025-01-09T04:15:12.077", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/SingMR/HouseRent/issues/12", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/SingMR/HouseRent/issues/12#issue-2762124045", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290816", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290816", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.471427", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13212.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13212.json new file mode 100644 index 00000000000..2a867f1be7d --- /dev/null +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13212.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-13212", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-09T04:15:12.277", + "lastModified": "2025-01-09T04:15:12.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/SingMR/HouseRent/issues/13", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/SingMR/HouseRent/issues/13#issue-2762125363", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290817", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290817", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.471441", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13213.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13213.json new file mode 100644 index 00000000000..bf876761e3f --- /dev/null +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13213.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-13213", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-09T04:15:12.453", + "lastModified": "2025-01-09T04:15:12.453", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in SingMR HouseRent 1.0. This vulnerability affects unknown code of the file /toAdminUpdateHousePage?hID=30. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/SingMR/HouseRent/issues/15", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/SingMR/HouseRent/issues/15#issue-2762127702", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290818", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290818", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.471444", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-568xx/CVE-2024-56826.json b/CVE-2024/CVE-2024-568xx/CVE-2024-56826.json new file mode 100644 index 00000000000..5f95d82a1f8 --- /dev/null +++ b/CVE-2024/CVE-2024-568xx/CVE-2024-56826.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-56826", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-01-09T04:15:12.660", + "lastModified": "2025-01-09T04:15:12.660", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-56826", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335172", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/uclouvain/openjpeg/issues/1563", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-568xx/CVE-2024-56827.json b/CVE-2024/CVE-2024-568xx/CVE-2024-56827.json new file mode 100644 index 00000000000..63c90603325 --- /dev/null +++ b/CVE-2024/CVE-2024-568xx/CVE-2024-56827.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-56827", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-01-09T04:15:12.840", + "lastModified": "2025-01-09T04:15:12.840", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-56827", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335174", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/uclouvain/openjpeg/issues/1564", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0306.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0306.json new file mode 100644 index 00000000000..a679254a61f --- /dev/null +++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0306.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-0306", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-01-09T04:15:13.000", + "lastModified": "2025-01-09T04:15:13.000", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-385" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-0306", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336100", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index dd28ba30d1a..f638aa5399d 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-09T03:00:23.081592+00:00 +2025-01-09T05:00:19.771033+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-09T02:00:01.633000+00:00 +2025-01-09T04:15:13+00:00 ``` ### Last Data Feed Release @@ -33,31 +33,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -276359 +276374 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `15` -- [CVE-2023-23913](CVE-2023/CVE-2023-239xx/CVE-2023-23913.json) (`2025-01-09T01:15:07.257`) -- [CVE-2023-27531](CVE-2023/CVE-2023-275xx/CVE-2023-27531.json) (`2025-01-09T01:15:07.380`) -- [CVE-2023-27539](CVE-2023/CVE-2023-275xx/CVE-2023-27539.json) (`2025-01-09T01:15:07.483`) -- [CVE-2023-28120](CVE-2023/CVE-2023-281xx/CVE-2023-28120.json) (`2025-01-09T01:15:07.637`) -- [CVE-2023-28362](CVE-2023/CVE-2023-283xx/CVE-2023-28362.json) (`2025-01-09T01:15:07.750`) -- [CVE-2023-38037](CVE-2023/CVE-2023-380xx/CVE-2023-38037.json) (`2025-01-09T01:15:07.853`) -- [CVE-2024-13198](CVE-2024/CVE-2024-131xx/CVE-2024-13198.json) (`2025-01-09T01:15:07.970`) -- [CVE-2024-13199](CVE-2024/CVE-2024-131xx/CVE-2024-13199.json) (`2025-01-09T01:15:08.170`) -- [CVE-2024-27980](CVE-2024/CVE-2024-279xx/CVE-2024-27980.json) (`2025-01-09T01:15:08.367`) -- [CVE-2024-37372](CVE-2024/CVE-2024-373xx/CVE-2024-37372.json) (`2025-01-09T01:15:08.500`) +- [CVE-2024-13200](CVE-2024/CVE-2024-132xx/CVE-2024-13200.json) (`2025-01-09T03:15:23.820`) +- [CVE-2024-13201](CVE-2024/CVE-2024-132xx/CVE-2024-13201.json) (`2025-01-09T03:15:24.020`) +- [CVE-2024-13202](CVE-2024/CVE-2024-132xx/CVE-2024-13202.json) (`2025-01-09T03:15:24.220`) +- [CVE-2024-13203](CVE-2024/CVE-2024-132xx/CVE-2024-13203.json) (`2025-01-09T03:15:24.410`) +- [CVE-2024-13204](CVE-2024/CVE-2024-132xx/CVE-2024-13204.json) (`2025-01-09T03:15:24.603`) +- [CVE-2024-13205](CVE-2024/CVE-2024-132xx/CVE-2024-13205.json) (`2025-01-09T03:15:24.800`) +- [CVE-2024-13206](CVE-2024/CVE-2024-132xx/CVE-2024-13206.json) (`2025-01-09T04:15:10.990`) +- [CVE-2024-13209](CVE-2024/CVE-2024-132xx/CVE-2024-13209.json) (`2025-01-09T04:15:11.683`) +- [CVE-2024-13210](CVE-2024/CVE-2024-132xx/CVE-2024-13210.json) (`2025-01-09T04:15:11.890`) +- [CVE-2024-13211](CVE-2024/CVE-2024-132xx/CVE-2024-13211.json) (`2025-01-09T04:15:12.077`) +- [CVE-2024-13212](CVE-2024/CVE-2024-132xx/CVE-2024-13212.json) (`2025-01-09T04:15:12.277`) +- [CVE-2024-13213](CVE-2024/CVE-2024-132xx/CVE-2024-13213.json) (`2025-01-09T04:15:12.453`) +- [CVE-2024-56826](CVE-2024/CVE-2024-568xx/CVE-2024-56826.json) (`2025-01-09T04:15:12.660`) +- [CVE-2024-56827](CVE-2024/CVE-2024-568xx/CVE-2024-56827.json) (`2025-01-09T04:15:12.840`) +- [CVE-2025-0306](CVE-2025/CVE-2025-03xx/CVE-2025-0306.json) (`2025-01-09T04:15:13.000`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -- [CVE-2024-53564](CVE-2024/CVE-2024-535xx/CVE-2024-53564.json) (`2025-01-09T01:15:08.627`) -- [CVE-2025-0282](CVE-2025/CVE-2025-02xx/CVE-2025-0282.json) (`2025-01-09T02:00:01.633`) ## Download and Usage diff --git a/_state.csv b/_state.csv index d4d07269c6a..0c37857be8c 100644 --- a/_state.csv +++ b/_state.csv @@ -218376,7 +218376,7 @@ CVE-2023-2391,0,0,842b5ed1e83f3843cc8ff569595999d59ab60a89d681911295b32b17482d8a CVE-2023-23910,0,0,63dd2cbd6ea1319bd3dfbe7034480d2df6c3610536e09ad75b890a6424f8445c,2024-11-21T07:47:04.990000 CVE-2023-23911,0,0,21f6240ed9aeb3ac846a763b503b5b3c1d795b32a63b3bf506eaaf00a1bef61d,2024-11-21T07:47:05.107000 CVE-2023-23912,0,0,161d529023d5efa110c9e01ceedff90a5c8e1f1dbacb3f558d319d2d5b757b61,2024-11-21T07:47:05.220000 -CVE-2023-23913,1,1,2e8c907a237617f09d2af6fe3eb12ddd30440fae4607e415ab1a121092147ab5,2025-01-09T01:15:07.257000 +CVE-2023-23913,0,0,2e8c907a237617f09d2af6fe3eb12ddd30440fae4607e415ab1a121092147ab5,2025-01-09T01:15:07.257000 CVE-2023-23914,0,0,121f340e4a39b81a4db03b348db17224f75a3193a520311b64556a5e4bc44031,2024-11-21T07:47:05.357000 CVE-2023-23915,0,0,dcd22de65c54681cbaaa36e8c3304723129cf00bf12179d0d4f5df436b3c2155,2024-11-21T07:47:05.507000 CVE-2023-23916,0,0,50b3eac92c83746250383e0d0c2541bdf9456b5720cc86fdbbe8c6ebf0f59647,2024-11-21T07:47:05.653000 @@ -221257,7 +221257,7 @@ CVE-2023-27527,0,0,ef895853842493f6d6e428aef03b5f2da5176173f94982e6fa7ef668485ee CVE-2023-27529,0,0,742fe919ca459273a4aea573b60b776ff584255cb3cb0584166ca44156cf4224,2024-11-21T07:53:06.277000 CVE-2023-2753,0,0,07c6e809a42ad3b510370047ca6a9af0cbf43d74dbab18486dd49105dce46294,2024-11-21T07:59:13.583000 CVE-2023-27530,0,0,b38d60292378b01f02071b1a709b01b4844b4ce61f4f988722b92fc121e4966a,2024-11-21T07:53:06.430000 -CVE-2023-27531,1,1,28c36afac6281dee95d3d0f0c40a0a519d7a7ce52f3dfc7949808ddf3fa14c9e,2025-01-09T01:15:07.380000 +CVE-2023-27531,0,0,28c36afac6281dee95d3d0f0c40a0a519d7a7ce52f3dfc7949808ddf3fa14c9e,2025-01-09T01:15:07.380000 CVE-2023-27532,0,0,e3663dce5d0ed9e697881b0b0fb6ed82ce0fa73f270203c1c47b2cc37854ca94,2024-11-21T07:53:06.657000 CVE-2023-27533,0,0,4454110a1b2f4b69eb0494f7d72ff64548b9621981ce044c5c229000994a20ec,2024-11-21T07:53:06.787000 CVE-2023-27534,0,0,89bb3378a6d88f9b6e7db9854c050ad3fe776e1519d432e0012c35b7535689e5,2024-11-21T07:53:06.953000 @@ -221265,7 +221265,7 @@ CVE-2023-27535,0,0,c2b4abc030cb6f06518e4e055ad1676e5925ae5eca610f01961ce82bf7c34 CVE-2023-27536,0,0,b10dfe16758c3908f32d3f68323ce92c363c8910b2934bf81b45b45349f6537e,2024-11-21T07:53:07.250000 CVE-2023-27537,0,0,26116245d5d8e954b6679b002b6cf07b10f8de81bf04eccd9a74edc79eae29ab,2024-11-21T07:53:07.407000 CVE-2023-27538,0,0,ea16ad7cd9b8585d2cdc0b52344854924f577fe779142b677c99cf89474d171b,2024-11-21T07:53:07.540000 -CVE-2023-27539,1,1,2aad5095bbafc6ab0f1f88ee0ed7e5756ca35f16d521e64df5b6c9cfd1dde87f,2025-01-09T01:15:07.483000 +CVE-2023-27539,0,0,2aad5095bbafc6ab0f1f88ee0ed7e5756ca35f16d521e64df5b6c9cfd1dde87f,2025-01-09T01:15:07.483000 CVE-2023-2754,0,0,d5f6eb5ab236b3e3f181c76459d82ae29b6dfb8e4cabb74d93353265b6c24b94,2024-11-21T07:59:13.700000 CVE-2023-27540,0,0,e4f5a1b7cec8ef2d7fa729e4f9d99a9b9a12336eae9d656bd8d408965b9762f1,2024-11-21T07:53:07.683000 CVE-2023-27545,0,0,b2e7b47fc90259bf8fa905eaab6313d354638d5c3596602c89dbf7a17d90f60f,2024-11-21T07:53:07.830000 @@ -221758,7 +221758,7 @@ CVE-2023-28117,0,0,1c4b87e6ffdac2461e6f67e5d4a60b1df82d2291b34817c12ec807a0e1a77 CVE-2023-28118,0,0,3c4e31868a5835a82fc3f7399d5ec399e19eacb503ecafc6816367f80ed133f1,2024-11-21T07:54:26.560000 CVE-2023-28119,0,0,177e497f643703ca71425d1fd44f8f0691bf1adeafa102f689da7214fb97326d,2024-11-21T07:54:26.683000 CVE-2023-2812,0,0,8ca2b5941b57d889e8050dd01df5d6332faab3b7c9be173cb34b6d5df0649316,2024-11-21T07:59:20.210000 -CVE-2023-28120,1,1,61de28f9b8e96e3a555f17ad557ddc3c3f123af301e65b22b7492a50e1f762db,2025-01-09T01:15:07.637000 +CVE-2023-28120,0,0,61de28f9b8e96e3a555f17ad557ddc3c3f123af301e65b22b7492a50e1f762db,2025-01-09T01:15:07.637000 CVE-2023-28121,0,0,ec8fff6d6e41724f8544797a24801e52673d8d932749cae73931ca46b253f482,2024-11-21T07:54:26.807000 CVE-2023-28122,0,0,2bc21c696415be5bb15ee8705cc555d3392196074dceafbd506b758ce250de18,2024-11-21T07:54:26.937000 CVE-2023-28123,0,0,6aeaec24addbc5446d4b9dfcebba426183a2c5b7ba1d5c92eba28e82a2e7be5f,2024-11-21T07:54:27.050000 @@ -221988,7 +221988,7 @@ CVE-2023-28359,0,0,cd55c22312372fb6f15a04d4134b33870fb2934978c373a7db0c340ac2a08 CVE-2023-2836,0,0,e304035203056a4f4a3afb3be38115d5014b45bcaf46fcbecbc18c914bc80cef,2024-11-21T07:59:23.180000 CVE-2023-28360,0,0,5ceb5d0d6176a83870db92b27e5fb686afcf6195e7abefc91242e0e5f5fa8572,2024-11-21T07:54:55.440000 CVE-2023-28361,0,0,06fd1bf43032dd9213305815ba759914cce3eec23910c1687ab4d395be68b16d,2024-11-21T07:54:55.543000 -CVE-2023-28362,1,1,6ad542f09fb07f9a8bdec8cdaea2ad3f8c43a4aed7bb534ac259a02f2d33ccee,2025-01-09T01:15:07.750000 +CVE-2023-28362,0,0,6ad542f09fb07f9a8bdec8cdaea2ad3f8c43a4aed7bb534ac259a02f2d33ccee,2025-01-09T01:15:07.750000 CVE-2023-28364,0,0,b8e69a33d67631d2c3d239f1c01280f5576d4f6621054c060df4f07489827dbc,2024-11-21T07:54:55.643000 CVE-2023-28365,0,0,4859f30e6a1c91c44b3748aad21832f67bb60327910ad2139bb1ab931e722eee,2024-12-12T18:54:11.327000 CVE-2023-28366,0,0,960802829fc443cdad65c26e57c943b97bd525d1c3e69a293aaac3644999e79b,2024-11-21T07:54:55.887000 @@ -229355,7 +229355,7 @@ CVE-2023-38032,0,0,aa2f8b2079aab5d644970a30e48ac48eb85abbd522684fe17754100401e0e CVE-2023-38033,0,0,4be9698fa9dd0cacdb62bf1057bd9da305a437591f9194cf06d595e16802d334,2024-11-21T08:12:42.970000 CVE-2023-38034,0,0,081598c8b55d3aa43e7d310ebcf31b7ec47c08b5aae01d60a9f9e55b7cdb47cc,2024-11-21T08:12:43.107000 CVE-2023-38035,0,0,92640fff4395ac24e8d5c20e07c44ab0e97351ee018b5491f08a52b994403d7f,2024-12-20T17:50:25.653000 -CVE-2023-38037,1,1,ec4911682e67d242a6823b9f7fc4fe8a2685db963caf9a6014d11542619bbb15,2025-01-09T01:15:07.853000 +CVE-2023-38037,0,0,ec4911682e67d242a6823b9f7fc4fe8a2685db963caf9a6014d11542619bbb15,2025-01-09T01:15:07.853000 CVE-2023-38039,0,0,aa7b561d4c683a5cad232ce980133262e25984154771669a007453da54145604,2024-11-21T08:12:43.457000 CVE-2023-3804,0,0,f82e32f2db1263f9331724638e062f3a20087ab485797bbd9380b32670e68adc,2024-11-21T08:18:06.293000 CVE-2023-38040,0,0,50ded9b2062da33f47fa19ba0f8f6125ce0832d2b933587cab7df27c962ee968,2024-11-21T08:12:43.633000 @@ -245653,10 +245653,22 @@ CVE-2024-13194,0,0,2a7c6431ba7750707b490e0e8411f67ee26bccfd5cf0a2cbbd7c5b0abb397 CVE-2024-13195,0,0,5639a83d0501cc605465f7b64f0801b5442c153e6f6a4f96ce5d46cba8fbd274,2025-01-09T00:15:25.570000 CVE-2024-13196,0,0,76108c70179f729ed3fdffba7e6e0647713f92c1e300a80b4d66476a546ce611,2025-01-09T00:15:25.760000 CVE-2024-13197,0,0,9d5153b5ece20b4134fcd83d45bfb87bfa57926a52f471a54f4b78f71b505855,2025-01-09T00:15:25.973000 -CVE-2024-13198,1,1,fb551fc384ea0792648d5bb66449568fc33fc94e148fe1e77af2f5295ee93a0d,2025-01-09T01:15:07.970000 -CVE-2024-13199,1,1,74cca34a7d6812099d39c24587e1ca3fb7095e9d4c634b9fd2572aab9ae8a82e,2025-01-09T01:15:08.170000 +CVE-2024-13198,0,0,fb551fc384ea0792648d5bb66449568fc33fc94e148fe1e77af2f5295ee93a0d,2025-01-09T01:15:07.970000 +CVE-2024-13199,0,0,74cca34a7d6812099d39c24587e1ca3fb7095e9d4c634b9fd2572aab9ae8a82e,2025-01-09T01:15:08.170000 CVE-2024-1320,0,0,80370b3cf95d31a327dfcead0766151687bef5425baa11f9a4606b327981e1e5,2024-11-21T08:50:19.647000 +CVE-2024-13200,1,1,23aa3e94582350485df0ae1018ff31c7a2c62819baa08903df7e716f12383814,2025-01-09T03:15:23.820000 +CVE-2024-13201,1,1,98f9e9029ecdad1b3085258c9d21a620f38d90ac00edbfea61330f3072ab29fb,2025-01-09T03:15:24.020000 +CVE-2024-13202,1,1,fcc0d41315cbf872ad3f8ed3c4bf434e97528b65abb99250267aa9cd85514824,2025-01-09T03:15:24.220000 +CVE-2024-13203,1,1,819c261d60fcd7e19a6b1cc262670172b97a373b3e5bcd2e58b29355523bf351,2025-01-09T03:15:24.410000 +CVE-2024-13204,1,1,29b356ed8e68b4bf4c454a187403ce827799c9b4a8c71e1fb3c28ca6727e9acb,2025-01-09T03:15:24.603000 +CVE-2024-13205,1,1,d739c71f3d86131a746eaa4249d12b3ae719885126fa157fb0f7f8b183987902,2025-01-09T03:15:24.800000 +CVE-2024-13206,1,1,3592680ac4f9d21850041d74074be88a605be70d439b1229b27538d812be260a,2025-01-09T04:15:10.990000 +CVE-2024-13209,1,1,ba59362766f93c6d18b5a8987b5e8a847432c789f656b7315b541fc0de12a958,2025-01-09T04:15:11.683000 CVE-2024-1321,0,0,64c53fddfcf700442bf3bc09eea0aa8fb2f1c68b08bca44e74ca22c8291fb906,2024-11-21T08:50:19.770000 +CVE-2024-13210,1,1,9c2837491698d24f5000afb3d19abcc16178fc7ed798d9056bbf57ed270987f3,2025-01-09T04:15:11.890000 +CVE-2024-13211,1,1,b1a0c32a461a305b01a40862066c26a2707cb98e558725b9d5012e71185e54b1,2025-01-09T04:15:12.077000 +CVE-2024-13212,1,1,ff0beb27cac65c4a6f3cc8b1da05d950e23c9771e58602d6b2e6c2e39adc6fef,2025-01-09T04:15:12.277000 +CVE-2024-13213,1,1,016ccce3890e239ab31550e74b6985f8dec7be64ed2f65e683828d651c08f2a3,2025-01-09T04:15:12.453000 CVE-2024-1322,0,0,a87df03aa9d8a817a942ae8ebad8afc3111ac175155d7ee73a384181ec986bff,2024-11-21T08:50:19.883000 CVE-2024-1323,0,0,63ac2cb10ca4755662ac35d59563526e26b5fa0e58c6b5db1bc1601423d748c8,2024-11-21T08:50:20.007000 CVE-2024-1324,0,0,0549bb3be448975952143ae81e24b0d5f65c09ae2158391af7244cb59e87fadb,2024-11-21T08:50:20.130000 @@ -252555,7 +252567,7 @@ CVE-2024-27976,0,0,822a5af21c1e2c8fd675938b70649904f7b60e8d1b30e50919271624e829e CVE-2024-27977,0,0,32c3ab10b4aaf757c630e2f8e271f8b8b7bdb65e5c29242ffffe4966a9401d4d,2024-11-21T09:05:33.017000 CVE-2024-27978,0,0,fcf4a7e5ff185d237258fd9843b63a3870e8188564ad41e6f5398b29b01f25a9,2024-11-21T09:05:33.160000 CVE-2024-2798,0,0,02bbbbc174936596cacb64e969c47fdaf9ea9d5d50ce2fb4c6278f77750d1239,2024-11-21T09:10:32.713000 -CVE-2024-27980,1,1,02c4f95c9008c2a1314141ff05547c3191a48e82bdffb71184cb7fa2f7aa2ec0,2025-01-09T01:15:08.367000 +CVE-2024-27980,0,0,02c4f95c9008c2a1314141ff05547c3191a48e82bdffb71184cb7fa2f7aa2ec0,2025-01-09T01:15:08.367000 CVE-2024-27981,0,0,5ad287609e78a5c57ad9f50892c9f3767ac8a9a55b04be511b8a794f3a0d6265,2024-11-21T09:05:33.330000 CVE-2024-27982,0,0,3b4edd38916d4b70e6bd265fb1fcaa37369c9af685bd7f99d27c1bbef3d48182,2024-11-21T09:05:33.463000 CVE-2024-27983,0,0,b2589cbbb580d16047bd9ecbfda79c782676d32c5fdcf965b61589244d8bb50d,2024-11-21T09:05:33.613000 @@ -259591,7 +259603,7 @@ CVE-2024-37369,0,0,1e88eb5f5adf1276637dbaba0a7c52eb8dc9f408ec525268bf434428ef890 CVE-2024-3737,0,0,1e7e08e04e47caa48d640f74851eafaab438e97c9be949f434d488cc0d98f3aa,2024-11-21T09:30:16.790000 CVE-2024-37370,0,0,adda354b76b8fa58bd9731c96d1e30a3ccd5dbce3e4544cb7fb32e40dfeb9a83,2024-11-21T09:23:43.537000 CVE-2024-37371,0,0,d5bd17b13bbf8a5c0a4f444cac6792f0b0ada0b42f4cbb75fb993722f35ef31e,2024-11-21T09:23:43.740000 -CVE-2024-37372,1,1,6fc519408d8926ed94b1fa842b26c843dc5f3325fcbf1a55d0b5757cb1c05021,2025-01-09T01:15:08.500000 +CVE-2024-37372,0,0,6fc519408d8926ed94b1fa842b26c843dc5f3325fcbf1a55d0b5757cb1c05021,2025-01-09T01:15:08.500000 CVE-2024-37373,0,0,2847e99c027e210636b1d596d67704fa58348616cd3faf9bd4b3793a4d930cde,2024-08-15T17:31:32.407000 CVE-2024-37376,0,0,bc526bae202cd53fd7d437324fb7b06b20355a99aa96acae85cbee93a0566dd9,2024-11-13T17:01:16.850000 CVE-2024-37377,0,0,caef14ff514966e0f1ee38c7ff4edbc7bd09ca12f789eaaa3ae9e03a1f92295a,2024-12-12T15:15:13.500000 @@ -270776,7 +270788,7 @@ CVE-2024-53554,0,0,21a54d7bc341c058102c672add5c6a39faba0998e6b5d3050bab27868ab59 CVE-2024-53555,0,0,98c9cd71300d5c5a0ee8cfe56c2efb641372e5ee4508b44193ca67680ed7c7bd,2024-11-26T21:15:08.560000 CVE-2024-53556,0,0,197a1e9e5d0cdfa43597989d9978403511315370ea045225b596c7a587a5fd41,2024-11-27T17:15:14.917000 CVE-2024-5356,0,0,8f1946b6e2ffce8dd75d8f13404335223fd7f289a256fdd41018e919f0c821b6,2024-11-21T09:47:29.267000 -CVE-2024-53564,0,1,088356e947b4dc3fae4f93133474dcecee5055d22bb16791bf202333b2575126,2025-01-09T01:15:08.627000 +CVE-2024-53564,0,0,088356e947b4dc3fae4f93133474dcecee5055d22bb16791bf202333b2575126,2025-01-09T01:15:08.627000 CVE-2024-53566,0,0,fc369a1b56664965996271c6928e1c8e2a064ca2d4eb527d8b2effd8b48ca032,2024-12-02T18:15:11.500000 CVE-2024-5357,0,0,9057606a4938c9bbcd6685626eec47e410331b31cc1665fb8c9e75b9a990e3a5,2024-11-21T09:47:29.400000 CVE-2024-5358,0,0,ba9d3d6f584bd09e4f2a4dbb07d0235a0771fbffd077ecd2b7b801a3c6466c2b,2024-11-21T09:47:29.543000 @@ -272452,6 +272464,8 @@ CVE-2024-56802,0,0,2bf17880ee10109df3dc3a46015118efb291ba7061a269a28cfa534f6af9e CVE-2024-56803,0,0,5af6b53ef642536234b1144a6b5e8ae5f304fb932318cbb15508f9cbfed0d7e0,2024-12-31T23:15:41.553000 CVE-2024-5681,0,0,25a463be80d3bb29af40554a62ba0e4276aefee689d98e36dee0bcfe769073f6,2024-11-21T09:48:08.953000 CVE-2024-5682,0,0,61babb4b22790f05b1e6fb044157f817a85668af929c91e823c0d3ae99b2f335,2024-09-20T12:30:51.220000 +CVE-2024-56826,1,1,c51fc9171c82274e10f1734889cc72fa21b0b73763369bcb379630d776bc4c1a,2025-01-09T04:15:12.660000 +CVE-2024-56827,1,1,51125e31b9942484aba52fab4157819a040f3122f142a5dc92f3dfc0facfd3db,2025-01-09T04:15:12.840000 CVE-2024-56828,0,0,58462cf48b4567824edfeec2a5b2d05411df2bbb14eef3534ab916b80e082c5f,2025-01-06T18:15:23.467000 CVE-2024-56829,0,0,fb517ef6b7f51e566ba1e37004f2890737a0fef0bcdec303fd5ff6dcfac6c408,2025-01-06T21:15:15.300000 CVE-2024-5683,0,0,881352e7cddbf9570cae104e43894ad6185c01dcb07cd1be33b2f8fea4b1c33b,2024-11-21T09:48:09.327000 @@ -276186,7 +276200,7 @@ CVE-2025-0244,0,0,4dc39d4eb7e9626e46633620b63b126f4ca8c432d219058ffa0df86e8e17d0 CVE-2025-0245,0,0,17124b2bb78bf9f026108e77a44161cf6b567d6714acd6476cda81e3148b7689,2025-01-08T16:15:37.693000 CVE-2025-0246,0,0,f212da1e386aff9790e671db2401da03b9d2ebbeea4ee1b40e830ef0d58e3da6,2025-01-08T16:15:37.880000 CVE-2025-0247,0,0,19788955cc9b607e55d300602d56942e119086cfe1c51c09f21df249cc649c46,2025-01-08T15:15:21.033000 -CVE-2025-0282,0,1,d61ebd3c832aef5272fa20364c759f17a80fd9cb0737dd97040687ac5893e46b,2025-01-09T02:00:01.633000 +CVE-2025-0282,0,0,d61ebd3c832aef5272fa20364c759f17a80fd9cb0737dd97040687ac5893e46b,2025-01-09T02:00:01.633000 CVE-2025-0283,0,0,573fcb41d2dcbb5f422c0804f1f8b289f75a27c245f0e6d9cb198c03e2e8d415,2025-01-08T23:15:09.920000 CVE-2025-0291,0,0,e64e166dc7ec231b6921ab6e7b688950a3c44d4ac259882cc427bcb73fed1fd1,2025-01-08T20:15:29.353000 CVE-2025-0294,0,0,e5d86f9b17bdfc744e2441f17af376b91232f83a0091836e1403d549321b0bdf,2025-01-07T15:15:12.113000 @@ -276197,6 +276211,7 @@ CVE-2025-0298,0,0,ec923ed4b9b6afa6228d656ddb0c601f5ebbf31d02abf4f38a99c8dda70d2f CVE-2025-0299,0,0,46c993a70c9dd5843cd4dc3486123b8f79f076cb607c745df442454088b3fb74,2025-01-07T19:15:34.743000 CVE-2025-0300,0,0,6462b093b202cdda5c643638789beb08104cb14d8ff95eb1f2f740fecb0f8630,2025-01-07T17:15:32.090000 CVE-2025-0301,0,0,db7e09db06a3c89075ef99c6e0773ce8d9b6391802870d788b13b4dc1d994dbc,2025-01-07T18:15:21.460000 +CVE-2025-0306,1,1,b68f04c884b94c2988081809303425e8fc9d9a1826584b2811a6c0892a02e108,2025-01-09T04:15:13 CVE-2025-20123,0,0,7f3b728d3f9cbfa875df0a45e50a08c953f805f15b1141475f4e31dfbed0e1d1,2025-01-08T16:15:38.150000 CVE-2025-20126,0,0,1585188395ef0aa5a894bbea6d526bdf238d58865dbcb187ac89434fb8c590b9,2025-01-08T19:15:38.553000 CVE-2025-20166,0,0,b11a57811b63f7d2208067ccc65af65bb9e1761d9a36811f745adce498b4e21f,2025-01-08T17:15:16.990000