From 8752d3174d2deb5204ca10d09948bf1639486d8f Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 5 Jul 2025 04:03:46 +0000
Subject: [PATCH] Auto-Update: 2025-07-05T04:00:11.159045+00:00
---
 CVE-2024/CVE-2024-582xx/CVE-2024-58254.json | 64 +++++++++++++++++++++
 CVE-2025/CVE-2025-472xx/CVE-2025-47227.json | 64 +++++++++++++++++++++
 CVE-2025/CVE-2025-472xx/CVE-2025-47228.json | 64 +++++++++++++++++++++
 README.md | 16 +++---
 _state.csv | 13 +++--
 5 files changed, 207 insertions(+), 14 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-582xx/CVE-2024-58254.json
 create mode 100644 CVE-2025/CVE-2025-472xx/CVE-2025-47227.json
 create mode 100644 CVE-2025/CVE-2025-472xx/CVE-2025-47228.json
diff --git a/CVE-2024/CVE-2024-582xx/CVE-2024-58254.json b/CVE-2024/CVE-2024-582xx/CVE-2024-58254.json
new file mode 100644
index 00000000000..d6b8e13d246
--- /dev/null
+++ b/CVE-2024/CVE-2024-582xx/CVE-2024-58254.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-58254",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-07-05T02:15:21.127",
+ "lastModified": "2025-07-05T02:15:21.127",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The rustls crate 0.23.13 before 0.23.18 for Rust, when rustls::server::Acceptor::accept is used, allows a panic via a fragmented TLS ClientHello."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-684"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://crates.io/crates/rustls",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/rustls/rustls/issues/2227",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2024-0399.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-472xx/CVE-2025-47227.json b/CVE-2025/CVE-2025-472xx/CVE-2025-47227.json
new file mode 100644
index 00000000000..7fc7a820063
--- /dev/null
+++ b/CVE-2025/CVE-2025-472xx/CVE-2025-47227.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2025-47227",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-07-05T03:15:30.470",
+ "lastModified": "2025-07-05T03:15:30.470",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-684"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.scriptcase.net/changelog/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.synacktiv.com/advisories/scriptcase-pre-authenticated-remote-command-execution",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-472xx/CVE-2025-47228.json b/CVE-2025/CVE-2025-472xx/CVE-2025-47228.json
new file mode 100644
index 00000000000..d7a55671040
--- /dev/null
+++ b/CVE-2025/CVE-2025-472xx/CVE-2025-47228.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2025-47228",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-07-05T03:15:30.637",
+ "lastModified": "2025-07-05T03:15:30.637",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.scriptcase.net/changelog/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.synacktiv.com/advisories/scriptcase-pre-authenticated-remote-command-execution",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 676b789a8c6..78553cdd318 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-07-05T02:00:11.266622+00:00 +2025-07-05T04:00:11.159045+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-07-05T01:15:28.523000+00:00 +2025-07-05T03:15:30.637000+00:00 ``` ### Last Data Feed Release @@ -33,18 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -300441 +300444 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `3` -- [CVE-2025-26850](CVE-2025/CVE-2025-268xx/CVE-2025-26850.json) (`2025-07-05T00:15:22.670`) -- [CVE-2025-43711](CVE-2025/CVE-2025-437xx/CVE-2025-43711.json) (`2025-07-05T00:15:23.733`) -- [CVE-2025-53603](CVE-2025/CVE-2025-536xx/CVE-2025-53603.json) (`2025-07-05T01:15:27.360`) -- [CVE-2025-53604](CVE-2025/CVE-2025-536xx/CVE-2025-53604.json) (`2025-07-05T01:15:28.340`) -- [CVE-2025-53605](CVE-2025/CVE-2025-536xx/CVE-2025-53605.json) (`2025-07-05T01:15:28.523`) +- [CVE-2024-58254](CVE-2024/CVE-2024-582xx/CVE-2024-58254.json) (`2025-07-05T02:15:21.127`) +- [CVE-2025-47227](CVE-2025/CVE-2025-472xx/CVE-2025-47227.json) (`2025-07-05T03:15:30.470`) +- [CVE-2025-47228](CVE-2025/CVE-2025-472xx/CVE-2025-47228.json) (`2025-07-05T03:15:30.637`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 6df062d902a..4709ab7b08f 100644 --- a/_state.csv +++ b/_state.csv 
@@ -278891,6 +278891,7 @@ CVE-2024-58250,0,0,0cee348f53514c8f66fdd102bc185afc75a5fff72792af4fd24660f96ce22 CVE-2024-58251,0,0,3d7ad675c8c4ca6bbb888df41dfca6de49cf5c8949b93c3f966477ed760827bf,2025-04-29T13:52:47.470000 CVE-2024-58252,0,0,2a2069468d2daa333bfc730a8a2bb50390b1a419e092aa9769a9c36c719c1e7b,2025-05-09T19:27:43.937000 CVE-2024-58253,0,0,da49c0596ff21f0dcbb928a2ca6fee65885d12875648098fb736cb7c8162f298,2025-05-05T20:54:19.760000 +CVE-2024-58254,1,1,92a77921345bd0bcddf55e41a6c8d9f8debc1eb72e19200ec17b3537e7d21687,2025-07-05T02:15:21.127000 CVE-2024-5826,0,0,676ce5cec2202232492aeb7a31cb471cd0485dd44f0bad4d2271201c9d98c0de,2024-11-21T09:48:24.490000 CVE-2024-5827,0,0,12cdd01c3634b5f2da13128a187bc2d1c8d9fa87429a9aed8ec50812f82df183,2024-11-21T09:48:24.607000 CVE-2024-5828,0,0,73069a2f9dbd005f637a8c432d288f4c861c4d147da919c5c71f3de2432e48cd,2025-01-08T21:25:28.967000 @@ -289537,7 +289538,7 @@ CVE-2025-26846,0,0,2164767227730b28c4b4868da96f4f5c7bb49b369c35864b07c2710ae6186 CVE-2025-26847,0,0,3d233c816c39dc38d8668bdd12825abe7f5cae8144b9287d9334a3289625d929,2025-05-16T15:39:00.600000 CVE-2025-26849,0,0,b01e97de5d13c5e322817bb01db0ae13a4e34f402b7f75a8f8b8da54efb28ebd,2025-03-05T04:15:12.367000 CVE-2025-2685,0,0,e47390d79e6358f0707017a49a80b868500d2e61df885503f5f07ed00adc5d2f,2025-03-27T16:45:27.850000 -CVE-2025-26850,1,1,01a03d0b12a942aa835d04a5d8dbdf01ed542e65767299680a56d58e3097c5d5,2025-07-05T00:15:22.670000 +CVE-2025-26850,0,0,01a03d0b12a942aa835d04a5d8dbdf01ed542e65767299680a56d58e3097c5d5,2025-07-05T00:15:22.670000 CVE-2025-26852,0,0,d2fbc16260605a1399a1a51f29d4909881f6e74e5303f79849970f70fec18739,2025-04-23T18:59:47.253000 CVE-2025-26853,0,0,b4d501221b958b69b8680b27722da7876f60455a590dcd68bb308199eb3f564e,2025-04-23T19:13:36.757000 CVE-2025-26856,0,0,7824298cfc11aa81d23219a23487dd842dd5c11d44f90723ef1786188c90cd64,2025-02-20T06:15:21.673000 
@@ -295868,7 +295869,7 @@ CVE-2025-43701,0,0,cdb9e5c0513ac4fc64d1742761490b6e885c34f05f46ce897491703334c8a CVE-2025-43703,0,0,d6625a868be77b8d7893d215165a3a98f3361eec5aed450c8d69ce3a9dfaf391,2025-04-17T20:21:48.243000 CVE-2025-43704,0,0,e4a4f68c1c515be2555ad90b5dc0fde58f5ff1d76445660f48da718ee733becf,2025-04-17T20:21:48.243000 CVE-2025-43708,0,0,d38c003beeae09584e47fb48659652128bc4a5d2c5ae13da147de319358e0588,2025-04-17T20:21:48.243000 -CVE-2025-43711,1,1,41ec2e168dee2a12ef3e8b130af5b1288ee1d1434f1cc9b3bcb199c9f8b3412b,2025-07-05T00:15:23.733000 +CVE-2025-43711,0,0,41ec2e168dee2a12ef3e8b130af5b1288ee1d1434f1cc9b3bcb199c9f8b3412b,2025-07-05T00:15:23.733000 CVE-2025-43713,0,0,c9e23d81a895e248042f74cdcb8eff35537bd8bc75ccec0bd91d3702849f3977,2025-07-03T15:13:53.147000 CVE-2025-43714,0,0,cb1496a71eb67171c1556f15fdd8377c3f3c264e0a77af928be602b0d89248f5,2025-06-12T16:24:24.810000 CVE-2025-43715,0,0,16cf4954d648fd87012f5a88d33c7f63ff2347a1f446f7ec65261364d5ff03d8,2025-04-17T20:21:48.243000 @@ -297118,6 +297119,8 @@ CVE-2025-47204,0,0,1087581499a2135246bfaa4b4dda36ede5f4134f69e3bfd8a83443409525f CVE-2025-4721,0,0,5b12152a812ee0a8141ca92ad1ce07fe54f58122d1a25434c4f23dc9f9b473ec,2025-05-27T14:13:32.497000 CVE-2025-4722,0,0,7a9f4792d9d2d1bd9669bfc9ead090bdeb53cca7dd5e461fb6c113463a0e9c32,2025-05-27T14:14:15.353000 CVE-2025-47226,0,0,9e9ee9e6a0d1290ebfec3cf4efbf332e325ff8173805761710078650f408fa82,2025-06-03T14:44:17.277000 +CVE-2025-47227,1,1,bb0ff691cd494e74d3519976db44bf1ea47049f396eaa3b68556da2fec7f8adb,2025-07-05T03:15:30.470000 +CVE-2025-47228,1,1,880784ee453c8bb3b790480ff0692e31008a1bc3bdaccd46d617c101650d667b,2025-07-05T03:15:30.637000 CVE-2025-47229,0,0,ce628b1ca08883508604ad35fbd46640a7a9f93ddbaf98a26f657b9032cc95b5,2025-05-05T20:54:19.760000 CVE-2025-4723,0,0,0415daa35bafd9e63de1b551374da44563d1be8395330dcde3975fc4eef0ad28,2025-05-27T14:14:25.467000 CVE-2025-4724,0,0,22ef6d583945f18353bdb4e3bec008d3a4110d3da2137080faced1b57a1b5a5d,2025-05-27T14:14:38.270000 
@@ -299275,9 +299278,9 @@ CVE-2025-53599,0,0,111b60ab172be48052b423c979314dcd8f917153e5cc0bf41e87ee1416b2b CVE-2025-5360,0,0,f6f6f0a68bcc88f729faa5e7b6e62c265dbe0f87de895580450e0ebfdb395bd6,2025-06-03T15:35:19.237000 CVE-2025-53600,0,0,45e4b949bc6405088d1f4c8d66b4b394a5ccae231bce59e0ab096930b3dbdb3b,2025-07-04T08:15:25.823000 CVE-2025-53602,0,0,4fbb0da67d943a966608913bc985271718ea508f9069cf69ef43d7e44a315671,2025-07-04T21:15:23.560000 -CVE-2025-53603,1,1,0ef57944661b4a8c37178144fe0bcd4e8f50c238641c089e241bfcc769261b09,2025-07-05T01:15:27.360000 -CVE-2025-53604,1,1,1bab9e277cfa892c064c40bbba3b5c77ef51c31c8d81c51bf21cb4ac9451d9e9,2025-07-05T01:15:28.340000 -CVE-2025-53605,1,1,e1850a90bbd00208fdd0f92f6be0091829f3c2d4f97e87d63797a52d65dc4d4d,2025-07-05T01:15:28.523000 +CVE-2025-53603,0,0,0ef57944661b4a8c37178144fe0bcd4e8f50c238641c089e241bfcc769261b09,2025-07-05T01:15:27.360000 +CVE-2025-53604,0,0,1bab9e277cfa892c064c40bbba3b5c77ef51c31c8d81c51bf21cb4ac9451d9e9,2025-07-05T01:15:28.340000 +CVE-2025-53605,0,0,e1850a90bbd00208fdd0f92f6be0091829f3c2d4f97e87d63797a52d65dc4d4d,2025-07-05T01:15:28.523000 CVE-2025-5361,0,0,63ed55da0a8819c3072e9ae5cbf20f6ad96bd8fa3415071144a15d946aef0cb0,2025-06-03T15:35:09.950000 CVE-2025-5362,0,0,33b74730f9e7ac14985e93de797c2da60e582983293fbae692e330f50a44162c,2025-06-03T15:34:57.473000 CVE-2025-5363,0,0,d48d3a878cc2187658148b214cb6829e36972108c01dfa0cb86b9cac54da6616,2025-06-03T15:34:39.567000