admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-01-21T00:55:19.503759+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-01-21 00:58:46 +00:00
parent 2b37b1b4f0
commit 89fe53725d
5 changed files with 85 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
CVE-2024/CVE-2024-73xx/CVE-2024-7394.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-7394",
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"published": "2024-08-08T17:15:20.023",
"lastModified": "2024-08-29T13:41:24.487",
"vulnStatus": "Analyzed",
"lastModified": "2025-01-21T00:15:25.357",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName(). \u00a0A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v3.1 rank of 2 with vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator \u00a0and a CVSS v4.0 rank of 1.8 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N . Thanks, m3dium for reporting."
"value": "Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName(). A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v4.0 rank of 4.6 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks, m3dium for reporting. (CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)"
},
{
"lang": "es",
@ -22,11 +22,11 @@
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 1.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "ACTIVE",

14
CVE-2024/CVE-2024-73xx/CVE-2024-7398.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-7398",
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"published": "2024-09-25T01:15:45.403",
"lastModified": "2024-09-30T16:12:24.337",
"vulnStatus": "Analyzed",
"lastModified": "2025-01-21T00:15:25.530",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts.\u00a0The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 1.8 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N .\u00a0Thank you, Yusuke Uchida for reporting."
"value": "Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Thank you, Yusuke Uchida for reporting.\u00a0CNA updated this risk rank on 20 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)"
},
{
"lang": "es",
@ -22,11 +22,11 @@
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 1.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "ACTIVE",

60
CVE-2025/CVE-2025-240xx/CVE-2025-24014.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-24014",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-01-20T23:15:07.730",
"lastModified": "2025-01-20T23:15:07.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955",
"source": "security-advisories@github.com"
}
]
}

12
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-01-20T23:00:24.468939+00:00
2025-01-21T00:55:19.503759+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-01-20T21:15:21.453000+00:00
2025-01-21T00:15:25.530000+00:00
```
### Last Data Feed Release
@ -33,20 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
278157
278158
```
### CVEs added in the last Commit
Recently added CVEs: `1`
- [CVE-2024-13454](CVE-2024/CVE-2024-134xx/CVE-2024-13454.json) (`2025-01-20T21:15:21.453`)
- [CVE-2025-24014](CVE-2025/CVE-2025-240xx/CVE-2025-24014.json) (`2025-01-20T23:15:07.730`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `2`
- [CVE-2024-7394](CVE-2024/CVE-2024-73xx/CVE-2024-7394.json) (`2025-01-21T00:15:25.357`)
- [CVE-2024-7398](CVE-2024/CVE-2024-73xx/CVE-2024-7398.json) (`2025-01-21T00:15:25.530`)
## Download and Usage

7
_state.csv
View File

@ -246028,7 +246028,7 @@ CVE-2024-13433,0,0,b744d44080e2e33c41984f231e71d8cc1252181c511f568444c5c86671c3e
CVE-2024-13434,0,0,292fbae0324c9bc0e0a4304860c64d8e4dabea0f0444b12419bd12eebd083320,2025-01-17T05:15:09.290000
CVE-2024-1344,0,0,3c7e3680ada5d2af6c947ff7713f6316fa39154980892782020553f5d0042cd7,2024-11-21T08:50:22.543000
CVE-2024-1345,0,0,7c212e7b361746cfecf33f6e4ed924489ff6a3a938083dd73fe4da2b7b4649da,2024-11-21T08:50:22.667000
CVE-2024-13454,1,1,e2d1844240dd5346b5a068b3df01d133d984159430edb62f356ca4bcac0bf3e6,2025-01-20T21:15:21.453000
CVE-2024-13454,0,0,e2d1844240dd5346b5a068b3df01d133d984159430edb62f356ca4bcac0bf3e6,2025-01-20T21:15:21.453000
CVE-2024-1346,0,0,67674c75c08ebc67974102102d05a3921f8c61d1fe386fe7de33f2c37b3bc24d,2024-11-21T08:50:22.793000
CVE-2024-1347,0,0,b12a4cbf8e4f285872bf9a248874204d9208208e515ae74de2299237bb6626ad,2024-12-11T19:24:26.643000
CVE-2024-1348,0,0,1859f4ea1d00e7386fbff1ae86e38e3076d8135556fc20b2256d2f026d728722,2024-11-21T08:50:23.040000
@ -274955,11 +274955,11 @@ CVE-2024-7389,0,0,cab381fcf4b9b71264f141b348bf1292afa8da6fe747dc8fe0784ecf6d792f
CVE-2024-7390,0,0,62257d50cfac87a87bf72bf184895cbf9edf65dcbcd5b500828f71bf6dd1b693,2024-09-27T17:45:05.590000
CVE-2024-7391,0,0,2752de4ae00b5b2870d0f6d32309617f0c9e8b04345fde12d660bbbcdd1fe039,2024-12-03T21:44:10.397000
CVE-2024-7392,0,0,df337276c1b7ad5043680e2710dff50a1d97b86398705520a864550842c7662d,2024-12-03T22:17:52.127000
CVE-2024-7394,0,0,ff8c1a258c7919bd1d4109f5e6cba098213895b35a13e19706097f3b25474770,2024-08-29T13:41:24.487000
CVE-2024-7394,0,1,c1307b9c04d9bc8bb8442618d778b285a732aec46f3e662fdc43455a034f8f04,2025-01-21T00:15:25.357000
CVE-2024-7395,0,0,9670a510512a2d389618b6b7a9e542ec25dda208b778cea14c25d4d5f6f00cbb,2024-08-06T16:31:05.780000
CVE-2024-7396,0,0,8a875ab721388a8a38590227097961f1c28ed1bcb468d82139ba5cc1ba1722a1,2024-08-06T16:31:05.780000
CVE-2024-7397,0,0,c5a0c73547b864024bde47bf4a3a4f33e674da9347e7a5fc1f2aad14a6c74ebc,2024-08-06T16:31:05.780000
CVE-2024-7398,0,0,0ad991756d72192e254d868fb568858b60448c6ca02e640d33768b737ad48889,2024-09-30T16:12:24.337000
CVE-2024-7398,0,1,b2d315bc04eb5d24ade126add554db2c711000793ee5c981d953a99e703c95a9,2025-01-21T00:15:25.530000
CVE-2024-7399,0,0,c63a2f56ac97180c8eeaff7425fc4e1891afb5117e5e5ee0a06426ef5c6cec5b,2024-08-13T15:30:52.337000
CVE-2024-7400,0,0,691fe991f86a9ab7ca1113eaf257359b12516af7fe0faecee4356ed1b454ad75,2024-09-30T12:46:20.237000
CVE-2024-7401,0,0,e2be012fbde8a842c00955b5b9f4bae9e1da9213729f95b9c08073c75ce6ffc9,2024-09-05T18:34:17.433000
@ -278155,4 +278155,5 @@ CVE-2025-23963,0,0,b25e75626ec56255a41425e6f3edd3e3aea1c19b7ee658d0d0b26b28ec1f0
CVE-2025-23965,0,0,53fb1e10aaa7ebd57bd7f00633a90cd803f03e00b4bc8c44e50c428b42627500,2025-01-16T21:15:38.023000
CVE-2025-24010,0,0,b1ad142cb0e12a44fa76d1536c3ae8cc5dc1c93205ad3e19be582c3fc492507c,2025-01-20T16:15:28.730000
CVE-2025-24013,0,0,a013478a51520d1a805dca03a3a7f43a81c8ee1d4137efd7110dbaf0e05d94c6,2025-01-20T16:15:28.877000
CVE-2025-24014,1,1,2cffc7146974e475ed988d48da3b4c2ff6fcf00f1266e68b987745a0fb734028,2025-01-20T23:15:07.730000
CVE-2025-24337,0,0,07d30bbea6dfa209bcd4c6bc43756d477d6586721f50f7d7909041753d5deb68,2025-01-20T14:15:27.130000

Can't render this file because it is too large.