From 867513e347e452dbfb59bdcf383b66559f5c62e9 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 16 Feb 2025 23:03:48 +0000 Subject: [PATCH] Auto-Update: 2025-02-16T23:00:19.200620+00:00 --- CVE-2025/CVE-2025-10xx/CVE-2025-1094.json | 6 +- CVE-2025/CVE-2025-13xx/CVE-2025-1360.json | 137 ++++++++++++++++++++++ README.md | 15 ++- _state.csv | 9 +- 4 files changed, 154 insertions(+), 13 deletions(-) create mode 100644 CVE-2025/CVE-2025-13xx/CVE-2025-1360.json diff --git a/CVE-2025/CVE-2025-10xx/CVE-2025-1094.json b/CVE-2025/CVE-2025-10xx/CVE-2025-1094.json index ad7884f583c..21eecd775d2 100644 --- a/CVE-2025/CVE-2025-10xx/CVE-2025-1094.json +++ b/CVE-2025/CVE-2025-10xx/CVE-2025-1094.json @@ -2,7 +2,7 @@ "id": "CVE-2025-1094", "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "published": "2025-02-13T13:15:09.130", - "lastModified": "2025-02-13T22:15:11.300", + "lastModified": "2025-02-16T21:15:09.343", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -56,6 +56,10 @@ "url": "https://www.postgresql.org/support/security/CVE-2025-1094/", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007" }, + { + "url": "http://www.openwall.com/lists/oss-security/2025/02/16/3", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, { "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00015.html", "source": "af854a3a-2127-422b-91ae-364da2661108" diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1360.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1360.json new file mode 100644 index 00000000000..09464391c84 --- /dev/null +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1360.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-1360", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-16T21:15:09.970", + "lastModified": "2025-02-16T21:15:09.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in Internet Web Solutions Sublime CRM up to 20250207. Affected is an unknown function of the file /crm/inicio.php of the component HTTP POST Request Handler. The manipulation of the argument msg_to leads to cross site scripting. It is possible to launch the attack remotely. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.295968", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.295968", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.496469", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e24108ba94d..9e429415a27 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-16T21:00:19.774605+00:00 +2025-02-16T23:00:19.200620+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-16T20:15:08.817000+00:00 +2025-02-16T21:15:09.970000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -281490 +281491 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `1` -- [CVE-2025-1357](CVE-2025/CVE-2025-13xx/CVE-2025-1357.json) (`2025-02-16T19:15:09.500`) -- [CVE-2025-1358](CVE-2025/CVE-2025-13xx/CVE-2025-1358.json) (`2025-02-16T20:15:07.990`) -- [CVE-2025-1359](CVE-2025/CVE-2025-13xx/CVE-2025-1359.json) (`2025-02-16T20:15:08.817`) +- [CVE-2025-1360](CVE-2025/CVE-2025-13xx/CVE-2025-1360.json) (`2025-02-16T21:15:09.970`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2025-1094](CVE-2025/CVE-2025-10xx/CVE-2025-1094.json) (`2025-02-16T21:15:09.343`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 037fe8eb77e..4a54d7c52c8 100644 --- a/_state.csv +++ b/_state.csv @@ -279167,7 +279167,7 @@ CVE-2025-1083,0,0,16064cc59146b17006d53d67046a65a9c0b364257a94b2b373fa99c27da341 CVE-2025-1084,0,0,93fee3949ec546a58cb9da1c1619fb657dbde041632da87d4ac6e93d0d865098,2025-02-07T00:15:28.180000 CVE-2025-1085,0,0,1ad67fc3dcecff349f45b0918fd96e4db08dcd56b6d0ad12a44043dc90d21f08,2025-02-07T01:15:07.930000 CVE-2025-1086,0,0,224643d9b2f43f102432df09cca95386bdc4432ae24da6e421d85411b67c24c6,2025-02-07T02:15:30.523000 -CVE-2025-1094,0,0,9683dfd46989464f0232d36ebebd9a02d27fe6142df4d24d670676374bdb19a7,2025-02-13T22:15:11.300000 +CVE-2025-1094,0,1,b07fd7d687c4d4f9d8c1ba5d39ae50400f09d18869483cbd7610c5bc9b8a854d,2025-02-16T21:15:09.343000 CVE-2025-1096,0,0,f369ee58dbaa6e142f3d975d8711cac15a0a303facd75e898c558f3e454cc535,2025-02-08T01:15:07.947000 CVE-2025-1099,0,0,866ea005495998eedc94be57a64f094566d9af9b611a4dc7ae3f41bc7a1f4d42,2025-02-14T12:15:29.460000 CVE-2025-1100,0,0,006211606093ec28f1ff8daf942d69911ef4c534c65359a0897a00ee27f87cf6,2025-02-12T14:15:31.647000 @@ -279286,9 +279286,10 @@ CVE-2025-1353,0,0,a316f11e73501222d7275028224ec2135788f80ecfa55a4dc98afa0b590b3f CVE-2025-1354,0,0,3d7667bfcb2c0b251ddb0a6e2cd2d09c76acedbca3edf8c1b754b38382240774,2025-02-16T16:15:19.253000 CVE-2025-1355,0,0,2b32faeae86cf10a841d554d3f1028e038f2f84a86d16604e50e5f2d459277b4,2025-02-16T17:15:07.973000 CVE-2025-1356,0,0,ad47206c360f81c88d742a140cb46365165054af6533ecf378500f5e98562fa1,2025-02-16T18:15:07.383000 -CVE-2025-1357,1,1,4433e1005a5e4201fdc796c40c8e7b39186d5a371766813fcd3008d782d857bd,2025-02-16T19:15:09.500000 -CVE-2025-1358,1,1,9ec04afb65270064953f92f1f98c94b6c7f923699eb2bc5c685de93fafaa422a,2025-02-16T20:15:07.990000 -CVE-2025-1359,1,1,a74490df0bf9cd453b684197a6da2b817f973233464d2e18244cbcb76e58d0cd,2025-02-16T20:15:08.817000 +CVE-2025-1357,0,0,4433e1005a5e4201fdc796c40c8e7b39186d5a371766813fcd3008d782d857bd,2025-02-16T19:15:09.500000 +CVE-2025-1358,0,0,9ec04afb65270064953f92f1f98c94b6c7f923699eb2bc5c685de93fafaa422a,2025-02-16T20:15:07.990000 +CVE-2025-1359,0,0,a74490df0bf9cd453b684197a6da2b817f973233464d2e18244cbcb76e58d0cd,2025-02-16T20:15:08.817000 +CVE-2025-1360,1,1,fb0d3aa81a9aae261cf8bbfc32f9a1a37cc5f63f6b37722c4b26a02ea0975887,2025-02-16T21:15:09.970000 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20029,0,0,9b8781ac9a16d1f4940e1c86f8d87c8f1f8e66cb5b362950b6fdcd60c25126c4,2025-02-05T18:15:29.573000