admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-02-23T15:00:19.783956+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-02-23 15:03:46 +00:00
parent 74eac771e0
commit 98dba17039
4 changed files with 312 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

153
CVE-2025/CVE-2025-15xx/CVE-2025-1584.json Normal file
View File

@ -0,0 +1,153 @@
{
"id": "CVE-2025-1584",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-02-23T13:15:09.253",
"lastModified": "2025-02-23T13:15:09.253",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. This vulnerability affects unknown code of the file solon-projects/solon-web/solon-web-staticfiles/src/main/java/org/noear/solon/web/staticfiles/StaticMappings.java. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.9 is able to address this issue. The name of the patch is f46e47fd1f8455b9467d7ead3cdb0509115b2ef1. It is recommended to upgrade the affected component."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"baseScore": 4.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
},
{
"lang": "en",
"value": "CWE-24"
}
]
}
],
"references": [
{
"url": "https://github.com/opensolon/solon/commit/f46e47fd1f8455b9467d7ead3cdb0509115b2ef1",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/opensolon/solon/issues/332",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/opensolon/solon/issues/332#issue-2866229828",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/opensolon/solon/issues/332#issuecomment-2674330700",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.296560",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.296560",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.504454",
"source": "cna@vuldb.com"
}
]
}

148
CVE-2025/CVE-2025-15xx/CVE-2025-1585.json Normal file
View File

@ -0,0 +1,148 @@
{
"id": "CVE-2025-1585",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-02-23T14:15:09.110",
"lastModified": "2025-02-23T14:15:09.110",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in otale tale up to 2.0.5. This issue affects the function OptionsService of the file src/main/resources/templates/themes/default/partial/header.html. The manipulation of the argument logo_url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 2.4,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"baseScore": 3.3,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/dragonkeep/cve/blob/main/Tale_Blog_xss.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.296561",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.296561",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.504937",
"source": "cna@vuldb.com"
}
]
}

13
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-02-23T13:00:20.106564+00:00
2025-02-23T15:00:19.783956+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-02-23T12:15:09.550000+00:00
2025-02-23T14:15:09.110000+00:00
```
### Last Data Feed Release
@ -33,16 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
282098
282100
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `2`
- [CVE-2025-1581](CVE-2025/CVE-2025-15xx/CVE-2025-1581.json) (`2025-02-23T11:15:09.247`)
- [CVE-2025-1582](CVE-2025/CVE-2025-15xx/CVE-2025-1582.json) (`2025-02-23T12:15:08.470`)
- [CVE-2025-1583](CVE-2025/CVE-2025-15xx/CVE-2025-1583.json) (`2025-02-23T12:15:09.550`)
- [CVE-2025-1584](CVE-2025/CVE-2025-15xx/CVE-2025-1584.json) (`2025-02-23T13:15:09.253`)
- [CVE-2025-1585](CVE-2025/CVE-2025-15xx/CVE-2025-1585.json) (`2025-02-23T14:15:09.110`)
### CVEs modified in the last Commit

8
_state.csv
View File

@ -279702,9 +279702,11 @@ CVE-2025-1577,0,0,511daa570f9ea062413f2bed6b33eae352829c776630ae7166a5c1ba24874b
CVE-2025-1578,0,0,9663cb9a61689a740797a4de202f81544c2c3f2bf9e4fb29d5fb5a51628924ab,2025-02-23T08:15:08.187000
CVE-2025-1579,0,0,47f84216a9e36312caff9085c25b1754bae23eca9fa0ebf71bb86844e73f7fc4,2025-02-23T09:15:09.393000
CVE-2025-1580,0,0,6f6f51b8629fb2b91628569d15501b66d6e9cad6c386219f7f6f91a4bc91b70f,2025-02-23T10:15:09.623000
CVE-2025-1581,1,1,a59b3f347128e6a660cebf7b38465027133f66623ab546c7611881afce6667c7,2025-02-23T11:15:09.247000
CVE-2025-1582,1,1,eccc3f96b055af4e00c42f9af627cf47b694897b13522be44dbdeded6bc83e19,2025-02-23T12:15:08.470000
CVE-2025-1583,1,1,e334029a00ce9698f70adf6d79ebbc5aa7ca8d5e8f2c14e2cccc3372b741a131,2025-02-23T12:15:09.550000
CVE-2025-1581,0,0,a59b3f347128e6a660cebf7b38465027133f66623ab546c7611881afce6667c7,2025-02-23T11:15:09.247000
CVE-2025-1582,0,0,eccc3f96b055af4e00c42f9af627cf47b694897b13522be44dbdeded6bc83e19,2025-02-23T12:15:08.470000
CVE-2025-1583,0,0,e334029a00ce9698f70adf6d79ebbc5aa7ca8d5e8f2c14e2cccc3372b741a131,2025-02-23T12:15:09.550000
CVE-2025-1584,1,1,37fcd8b8518ac69af859e6aafbe4aed7ba4463b3713232299f7e413d63714d3e,2025-02-23T13:15:09.253000
CVE-2025-1585,1,1,07b81c4e240b6600cc73e2859ab1ee15472f06c39704fce5e3aa1ba0724b1eba,2025-02-23T14:15:09.110000
CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000
CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000
CVE-2025-20029,0,0,9b8781ac9a16d1f4940e1c86f8d87c8f1f8e66cb5b362950b6fdcd60c25126c4,2025-02-05T18:15:29.573000

Can't render this file because it is too large.