Auto-Update: 2025-02-17T05:00:47.801195+00:00

cad-safe-bot 2025-02-17 05:04:17 +00:00
parent a2b94f38b5
commit 78c55f19f5
11 changed files with 958 additions and 20 deletions


@ -2,13 +2,13 @@
"id": "CVE-2024-8584",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-09-09T03:15:09.723",
"lastModified": "2024-09-13T10:15:17.263",
"lastModified": "2025-02-17T04:15:08.240",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in. (\u00a0The vendor is currently addressing the vulnerability. Once the fix is completed, we will provide information on the affected versions.)"
"value": "Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in."
},
{
"lang": "es",
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -42,17 +42,17 @@
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
"value": "CWE-306"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
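Review bot: Consumers that pick a score or CWE by `"type": "Primary"` will select a different source for CVE-2024-8584 after this update, because the `type` of the twcert@cert.org.tw CVSS v3.1 entry (second hunk) and of both `weaknesses` entries (third hunk) flips. The page has lost its +/- markers, so the direction is read from print order, old then new, as with the two `lastModified` lines. Read that way, the CNA's 3.1 vector becomes `Secondary`, while its weakness entry becomes `Primary` and now reads `CWE-306` instead of `CWE-284`. Severity and CWE-based routing for this CVE should be re-evaluated rather than assumed unchanged. The `metrics` and `weaknesses` arrays continue outside the hunks shown, so entries not visible here may also apply.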


@ -0,0 +1,137 @@
{
"id": "CVE-2025-1370",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-02-17T03:15:09.223",
"lastModified": "2025-02-17T03:15:09.223",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7.0.32 on Linux. Affected by this issue is the function sprintf of the file epsdaemon of the component Autoscan USB. The manipulation leads to os command injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 4.3,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.295976",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.295976",
"source": "cna@vuldb.com"
}
]
}
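Review bot: This new record has no `configurations` block and its `vulnStatus` is `Received`, so CPE-based matching will not flag MicroWorld eScan Antivirus 7.0.32 from this file. The same holds for the other records added in this commit (CVE-2025-1371 to CVE-2025-1374, CVE-2025-1387, CVE-2025-1388, CVE-2025-26700). Unless and until a later update adds CPE data, matching has to rely on the product and version named in `descriptions`. The description also calls the issue "critical" while every scored metric in the record is `MEDIUM` (5.3 under CVSS 3.1 with `AV:L` and `PR:L`), so triage should follow `baseSeverity` and the vector rather than the prose label. CVE-2025-1372 and CVE-2025-1374 show the same mismatch.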


@ -0,0 +1,153 @@
{
"id": "CVE-2025-1371",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-02-17T03:15:09.400",
"lastModified": "2025-02-17T03:15:09.400",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"baseScore": 1.7,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
},
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=15926",
"source": "cna@vuldb.com"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32655",
"source": "cna@vuldb.com"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.295978",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.295978",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.496484",
"source": "cna@vuldb.com"
},
{
"url": "https://www.gnu.org/",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,157 @@
{
"id": "CVE-2025-1372",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-02-17T03:15:09.573",
"lastModified": "2025-02-17T03:15:09.573",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 4.3,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=15927",
"source": "cna@vuldb.com"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32656",
"source": "cna@vuldb.com"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32656#c3",
"source": "cna@vuldb.com"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32657",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.295981",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.295981",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.496485",
"source": "cna@vuldb.com"
},
{
"url": "https://www.gnu.org/",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,153 @@
{
"id": "CVE-2025-1373",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-02-17T04:15:08.447",
"lastModified": "2025-02-17T04:15:08.447",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"baseScore": 1.7,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
},
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://ffmpeg.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13",
"source": "cna@vuldb.com"
},
{
"url": "https://trac.ffmpeg.org/attachment/ticket/11460/poc",
"source": "cna@vuldb.com"
},
{
"url": "https://trac.ffmpeg.org/ticket/11460",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.295982",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.295982",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.496930",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,145 @@
{
"id": "CVE-2025-1374",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-02-17T04:15:08.643",
"lastModified": "2025-02-17T04:15:08.643",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /search.php. The manipulation of the argument StateName/CityName/AreaName/CatId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/1337g/realestatepropertymanagement_poc/blob/main/sql-gu2.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.295983",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.295983",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.499767",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2025-1387",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2025-02-17T04:15:08.807",
"lastModified": "2025-02-17T04:15:08.807",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1390"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/en/cp-139-8428-59a9a-2.html",
"source": "twcert@cert.org.tw"
},
{
"url": "https://www.twcert.org.tw/tw/cp-132-8427-daea8-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2025-1388",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2025-02-17T04:15:08.960",
"lastModified": "2025-02-17T04:15:08.960",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/en/cp-139-8430-32513-2.html",
"source": "twcert@cert.org.tw"
},
{
"url": "https://www.twcert.org.tw/tw/cp-132-8429-07d7e-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2025-26700",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-02-17T03:15:09.750",
"lastModified": "2025-02-17T03:15:09.750",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass using an alternate path or channel issue exists in \u201dRoboForm Password Manager\" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where the application is installed to bypass the lock screen and obtain sensitive information."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92071645/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.roboform.com/news-android",
"source": "vultures@jpcert.or.jp"
}
]
}
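Review bot: The only metric in this record is a `cvssMetricV30` entry of type `Secondary`, so a consumer that reads only `cvssMetricV31` or only `Primary` entries gets no score for CVE-2025-26700 and may treat it as unscored. Falling back to any available CVSS version and type, in a fixed order, closes that gap; here it yields 5.2 `MEDIUM` with `AV:P`. The product name in the description is also wrapped in mismatched quotation marks (`\u201d` to open, `\"` to close), which can trip exact-string extraction of the product name.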


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-02-17T03:00:45.842199+00:00
2025-02-17T05:00:47.801195+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-02-17T02:15:08.830000+00:00
2025-02-17T04:15:08.960000+00:00
```
### Last Data Feed Release
@ -33,23 +33,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
281516
281524
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `8`
- [CVE-2025-1366](CVE-2025/CVE-2025-13xx/CVE-2025-1366.json) (`2025-02-17T01:15:10.280`)
- [CVE-2025-1367](CVE-2025/CVE-2025-13xx/CVE-2025-1367.json) (`2025-02-17T01:15:11.090`)
- [CVE-2025-1368](CVE-2025/CVE-2025-13xx/CVE-2025-1368.json) (`2025-02-17T02:15:08.643`)
- [CVE-2025-1369](CVE-2025/CVE-2025-13xx/CVE-2025-1369.json) (`2025-02-17T02:15:08.830`)
- [CVE-2025-1370](CVE-2025/CVE-2025-13xx/CVE-2025-1370.json) (`2025-02-17T03:15:09.223`)
- [CVE-2025-1371](CVE-2025/CVE-2025-13xx/CVE-2025-1371.json) (`2025-02-17T03:15:09.400`)
- [CVE-2025-1372](CVE-2025/CVE-2025-13xx/CVE-2025-1372.json) (`2025-02-17T03:15:09.573`)
- [CVE-2025-1373](CVE-2025/CVE-2025-13xx/CVE-2025-1373.json) (`2025-02-17T04:15:08.447`)
- [CVE-2025-1374](CVE-2025/CVE-2025-13xx/CVE-2025-1374.json) (`2025-02-17T04:15:08.643`)
- [CVE-2025-1387](CVE-2025/CVE-2025-13xx/CVE-2025-1387.json) (`2025-02-17T04:15:08.807`)
- [CVE-2025-1388](CVE-2025/CVE-2025-13xx/CVE-2025-1388.json) (`2025-02-17T04:15:08.960`)
- [CVE-2025-26700](CVE-2025/CVE-2025-267xx/CVE-2025-26700.json) (`2025-02-17T03:15:09.750`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2024-8584](CVE-2024/CVE-2024-85xx/CVE-2024-8584.json) (`2025-02-17T04:15:08.240`)
## Download and Usage


@ -277442,7 +277442,7 @@ CVE-2024-8579,0,0,aa0dbcb6f290bcafc1058815bad0932537e0a68ef93175b8247f3e3960ea44
CVE-2024-8580,0,0,23b04153fc4f6fcda8c7c48c314fbc907b8385742d636499c26c5aa47571048b,2024-09-10T15:47:47.397000
CVE-2024-8582,0,0,65fcbb09db63e99d18014ca3c69c3818fa9472fbb44a0620040b7be3051329dc,2024-09-10T15:48:30.537000
CVE-2024-8583,0,0,f9f207aaffe13392fcc0c78d1622226a2810c37353f3e41b3ab9ecc239900ba9,2024-09-10T15:49:29.103000
CVE-2024-8584,0,0,3ccac9d19c3547ea5075decd00e4da782352376dba423af05602ff3dd53dfb64,2024-09-13T10:15:17.263000
CVE-2024-8584,0,1,b0dc0bea39e7d70469634735abb2deff2bcca9f51dcd1b983d5b1077d93748cb,2025-02-17T04:15:08.240000
CVE-2024-8585,0,0,e43991387496ce0a491b65292cd0d96af1def22b2ac17ab72a4a3d670a6e4784,2024-09-11T15:53:35.693000
CVE-2024-8586,0,0,c81785849ec75f68cf96f0fe3c9f37de440c3e8b7367165a55bfd7289f79313a,2024-09-16T13:28:03.400000
CVE-2024-8587,0,0,3f4faf35adc81197cc4852be3f91d2d540a69580ad3de8383aef603a7f12eff9,2024-12-16T00:15:04.950000
@ -279294,10 +279294,17 @@ CVE-2025-1359,0,0,a74490df0bf9cd453b684197a6da2b817f973233464d2e18244cbcb76e58d0
CVE-2025-1360,0,0,fb0d3aa81a9aae261cf8bbfc32f9a1a37cc5f63f6b37722c4b26a02ea0975887,2025-02-16T21:15:09.970000
CVE-2025-1364,0,0,6c9a498ed4da91fc543c9e0d0bc6b549f91692b353d2222b29ef08d5dcc47090,2025-02-16T23:15:09.087000
CVE-2025-1365,0,0,266b893d22f80eeaffc950fc5e5107cbf76b85b1dd425ff9e622ab0ee02beb92,2025-02-17T00:15:09.140000
CVE-2025-1366,1,1,27d217412c230d14f7fea472a75295f779bc457c8773cd971395f03e9546e238,2025-02-17T01:15:10.280000
CVE-2025-1367,1,1,be3e2e7e8bc50994880767084f7efe0b9708429f4c915e622468e6ae36e6b75a,2025-02-17T01:15:11.090000
CVE-2025-1368,1,1,8de8d22a348a0d6be64b55129b3485441b0f1e6bc73acc4c117f2e997dd51924,2025-02-17T02:15:08.643000
CVE-2025-1369,1,1,ed44e9f7f84e102627e261ff1b5ad37af5334bc9499494cb5f4f8b1dda618055,2025-02-17T02:15:08.830000
CVE-2025-1366,0,0,27d217412c230d14f7fea472a75295f779bc457c8773cd971395f03e9546e238,2025-02-17T01:15:10.280000
CVE-2025-1367,0,0,be3e2e7e8bc50994880767084f7efe0b9708429f4c915e622468e6ae36e6b75a,2025-02-17T01:15:11.090000
CVE-2025-1368,0,0,8de8d22a348a0d6be64b55129b3485441b0f1e6bc73acc4c117f2e997dd51924,2025-02-17T02:15:08.643000
CVE-2025-1369,0,0,ed44e9f7f84e102627e261ff1b5ad37af5334bc9499494cb5f4f8b1dda618055,2025-02-17T02:15:08.830000
CVE-2025-1370,1,1,626abf8546cb2fbca8454a5d8bc143446e853cbc205aa5b5f542da1b01c1dc23,2025-02-17T03:15:09.223000
CVE-2025-1371,1,1,d42203759b5fdf525ab79fe4c4dc94235c0953e2185668820f0542fa96cd9a22,2025-02-17T03:15:09.400000
CVE-2025-1372,1,1,7bd9cbee44da9690280c00d51a6bae4a791d035cefb44fae5dfec5b23c1c2f2e,2025-02-17T03:15:09.573000
CVE-2025-1373,1,1,b51154a9a004f1fd27d3158858d9a3700c61f60084062e4248400a4ec2256f83,2025-02-17T04:15:08.447000
CVE-2025-1374,1,1,b7fa05f0c4c2d66fd4f270cc4250c2b3257c8dc0e6f850c49a3e1698d2a969f5,2025-02-17T04:15:08.643000
CVE-2025-1387,1,1,3471c5e221fd26cc82d790d0348e17ce666394a812c51ab6ee55856ad41c6d05,2025-02-17T04:15:08.807000
CVE-2025-1388,1,1,6166d0831a99cbb271e76281dd624232fbaf9903152209f7151545224b25416d,2025-02-17T04:15:08.960000
CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000
CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000
CVE-2025-20029,0,0,9b8781ac9a16d1f4940e1c86f8d87c8f1f8e66cb5b362950b6fdcd60c25126c4,2025-02-05T18:15:29.573000
@ -281502,6 +281509,7 @@ CVE-2025-26577,0,0,1471b9d6e9fec6c623a663e5500ad54800d22aa03d3125ea0ff8be8b0728f
CVE-2025-26578,0,0,1ba1d37a5d1af1d2f76239a6f2ed820c7ad94689f9ccc172f7eecaa56fe90e3f,2025-02-13T14:16:23.990000
CVE-2025-26580,0,0,c808557e22a6d83e87ce5992c6ff2cdddda2d2aa66f5a321875aca0441d9569c,2025-02-13T14:16:24.250000
CVE-2025-26582,0,0,00823840b86fea4d98d4ba8da828de8ef859573fc8d1e89f9ae001b9d6f9a267,2025-02-13T14:16:24.407000
CVE-2025-26700,1,1,a62049a64dad278ca1213054f25f2aed479e1d05d98e9fdc2dc613607ff558b5,2025-02-17T03:15:09.750000
CVE-2025-26755,0,0,ab55ada10e2471e3f3b6d39ba7098336ac0a1b0769fa3f43fd2c4de0b71599ce,2025-02-16T23:15:10.627000
CVE-2025-26759,0,0,aa971f4308d9dde025f5e1ad7daa8f065b0641c9cb32130c8a995de32816229c,2025-02-16T23:15:10.777000
CVE-2025-26761,0,0,130481f4b28cc5ac3e58302d2cdf3485b24296b75bca4ad9bb67ba26ddaffc38,2025-02-16T23:15:10.920000
