From 7f65e1749f62160ea58b48f9d4906186721b4af4 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 1 Feb 2025 17:03:47 +0000 Subject: [PATCH] Auto-Update: 2025-02-01T17:00:20.703487+00:00 --- CVE-2025/CVE-2025-09xx/CVE-2025-0945.json | 141 ++++++++++++++++++++++ CVE-2025/CVE-2025-09xx/CVE-2025-0946.json | 141 ++++++++++++++++++++++ README.md | 13 +- _state.csv | 8 +- 4 files changed, 293 insertions(+), 10 deletions(-) create mode 100644 CVE-2025/CVE-2025-09xx/CVE-2025-0945.json create mode 100644 CVE-2025/CVE-2025-09xx/CVE-2025-0946.json diff --git a/CVE-2025/CVE-2025-09xx/CVE-2025-0945.json b/CVE-2025/CVE-2025-09xx/CVE-2025-0945.json new file mode 100644 index 00000000000..da9147f5e3c --- /dev/null +++ b/CVE-2025/CVE-2025-09xx/CVE-2025-0945.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-0945", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-01T15:15:08.320", + "lastModified": "2025-02-01T15:15:08.320", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file typedelete.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/magic2353112890/cve/issues/7", + "source": "cna@vuldb.com" + }, + { + "url": "https://itsourcecode.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.294300", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.294300", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-09xx/CVE-2025-0946.json b/CVE-2025/CVE-2025-09xx/CVE-2025-0946.json new file mode 100644 index 00000000000..d9249176432 --- /dev/null +++ b/CVE-2025/CVE-2025-09xx/CVE-2025-0946.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-0946", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-01T16:15:27.180", + "lastModified": "2025-02-01T16:15:27.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file templatedelete.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/magic2353112890/cve/issues/7", + "source": "cna@vuldb.com" + }, + { + "url": "https://itsourcecode.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.294301", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.294301", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 4a623cde3d1..d04f69929a8 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-01T15:00:19.917845+00:00 +2025-02-01T17:00:20.703487+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-01T13:15:23.027000+00:00 +2025-02-01T16:15:27.180000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -279752 +279754 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2024-13612](CVE-2024/CVE-2024-136xx/CVE-2024-13612.json) (`2025-02-01T13:15:21.320`) -- [CVE-2024-13775](CVE-2024/CVE-2024-137xx/CVE-2024-13775.json) (`2025-02-01T13:15:22.847`) -- [CVE-2025-0944](CVE-2025/CVE-2025-09xx/CVE-2025-0944.json) (`2025-02-01T13:15:23.027`) +- [CVE-2025-0945](CVE-2025/CVE-2025-09xx/CVE-2025-0945.json) (`2025-02-01T15:15:08.320`) +- [CVE-2025-0946](CVE-2025/CVE-2025-09xx/CVE-2025-0946.json) (`2025-02-01T16:15:27.180`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 1d91e3eba6a..ed51d080acd 100644 --- a/_state.csv +++ b/_state.csv @@ -246372,7 +246372,7 @@ CVE-2024-13596,0,0,2b347cb4a79836e676774e7c831f562b3de9868f3b716c19ca500dd58b690 CVE-2024-13599,0,0,8416ac4ba24e0470447a5d54bcb4a58d565d7b0165c1a9d0f1a855bfbf0c1c7d,2025-01-25T08:15:10.357000 CVE-2024-1360,0,0,a87675d91847a9b72ed5368695c7c67c099276d1667e5e94dc544f268946892c,2024-11-21T08:50:24.707000 CVE-2024-1361,0,0,8a11a93152fbfa05be2934d541581f2e8e8c1350c348ceb554a6a47ec08e0e2f,2025-01-15T18:39:23.493000 -CVE-2024-13612,1,1,f0c3e3f55ca6b4ca35bac236a126cd1995e073b744e2e5e3f3cdcfc3b1871559,2025-02-01T13:15:21.320000 +CVE-2024-13612,0,0,f0c3e3f55ca6b4ca35bac236a126cd1995e073b744e2e5e3f3cdcfc3b1871559,2025-02-01T13:15:21.320000 CVE-2024-1362,0,0,ebe61894e3dd1fecb8d4711188e9d8f7e6a2ff043508a2ee93131b033a0336dd,2025-01-15T18:40:30.490000 CVE-2024-13623,0,0,2cada29a90e918414353741b6e3b8cf08dc12a83860192531fa76e51a17031e8,2025-01-31T07:15:09.830000 CVE-2024-1363,0,0,d8d6ccccee9c9def4bc84105015213aa12c981523f1a518cfb483c29cffbd734,2024-11-21T08:50:25.093000 @@ -246418,7 +246418,7 @@ CVE-2024-13758,0,0,2e4bd9fb3fef024cef02d2b8f2dacb7555196f6b2dc915351eaf15ff5ed33 CVE-2024-1376,0,0,34411a3106e4c74f2617f4da0b50ff6e7d812385caea8af0b8361fb64d6e9d04,2024-11-21T08:50:26.737000 CVE-2024-13767,0,0,637f964cc18d2f02c2957e6987a03c02d6a99ae90fe95c08f63815c95a4ae60e,2025-01-31T03:15:10.693000 CVE-2024-1377,0,0,76446229d1bded69224cd2e98212f244bd2380b3470adb0152ce2b85f9216c33,2025-01-07T18:20:57.347000 -CVE-2024-13775,1,1,9536a1d224d76ca86a49ff8329a6d6eada5d7b2276781196b127fced05bd606f,2025-02-01T13:15:22.847000 +CVE-2024-13775,0,0,9536a1d224d76ca86a49ff8329a6d6eada5d7b2276781196b127fced05bd606f,2025-02-01T13:15:22.847000 CVE-2024-1378,0,0,041aa523b6aa5691bc95edbf2c3845e6125399d35aa90aa412089416e101b866,2024-11-21T08:50:26.997000 CVE-2024-1379,0,0,d57d063aae1fbcb792bd04eccc73dc16507c20c6267e19d5bea5a4e5413062c5,2024-11-21T08:50:27.157000 CVE-2024-1380,0,0,32754257dbe0d08bc78fbf9b54e12b7a4d3239b3c88ea55da38aca571da65692,2025-01-31T13:26:51.163000 @@ -278253,7 +278253,9 @@ CVE-2025-0934,0,0,e3663ee9a4c4fab98de0a308775cdf9833b791256f04cc964b86e7e2758a3b CVE-2025-0938,0,0,f483a985147355beda1ac5ec6a46732d1e38a3e469c32fde2fdbbf0317921d33,2025-01-31T20:15:33.083000 CVE-2025-0939,0,0,4fee9d9bf91b5fba4fb21bcf1da5a530cf0306cb5ecc2eae58c32ef5efdc8b24,2025-02-01T07:15:08.097000 CVE-2025-0943,0,0,d4beefef9f033db94e741551c1c44f80d0a15c5f160db1305b65e51b448ddcf2,2025-02-01T11:15:08.457000 -CVE-2025-0944,1,1,466fd010105c25b8c1cb799c1a662d0d3d59d16cdf2170bb14c4a5fe916ca896,2025-02-01T13:15:23.027000 +CVE-2025-0944,0,0,466fd010105c25b8c1cb799c1a662d0d3d59d16cdf2170bb14c4a5fe916ca896,2025-02-01T13:15:23.027000 +CVE-2025-0945,1,1,c0dd6e95d513219a7236596b3342d0d9b78fd732ae49d117e638d1e71c2f9eba,2025-02-01T15:15:08.320000 +CVE-2025-0946,1,1,cdf09a9e00f9b09af1120c064387c6b9fc703bcb0a087c9cb861518902d040fb,2025-02-01T16:15:27.180000 CVE-2025-20014,0,0,708b5660539e4ab2830a732991daead462d3c8df88b4205953edf58b017cb8b0,2025-01-29T20:15:35.207000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000