From 98dba17039559c9db4d8c76d4b246f5c8b60fc5f Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 23 Feb 2025 15:03:46 +0000
Subject: [PATCH] Auto-Update: 2025-02-23T15:00:19.783956+00:00
---
CVE-2025/CVE-2025-15xx/CVE-2025-1584.json | 153 ++++++++++++++++++++++
CVE-2025/CVE-2025-15xx/CVE-2025-1585.json | 148 +++++++++++++++++++++
README.md | 13 +-
_state.csv | 8 +-
4 files changed, 312 insertions(+), 10 deletions(-)
create mode 100644 CVE-2025/CVE-2025-15xx/CVE-2025-1584.json
create mode 100644 CVE-2025/CVE-2025-15xx/CVE-2025-1585.json
diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1584.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1584.json
new file mode 100644
index 00000000000..2fcea1546c8
--- /dev/null
+++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1584.json
@@ -0,0 +1,153 @@ +{ + "id": "CVE-2025-1584", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-23T13:15:09.253", + "lastModified": "2025-02-23T13:15:09.253", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. This vulnerability affects unknown code of the file solon-projects/solon-web/solon-web-staticfiles/src/main/java/org/noear/solon/web/staticfiles/StaticMappings.java. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.9 is able to address this issue. The name of the patch is f46e47fd1f8455b9467d7ead3cdb0509115b2ef1. It is recommended to upgrade the affected component." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + 
"modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-23" + }, + { + "lang": "en", + "value": "CWE-24" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/opensolon/solon/commit/f46e47fd1f8455b9467d7ead3cdb0509115b2ef1", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/opensolon/solon/issues/332", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/opensolon/solon/issues/332#issue-2866229828", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/opensolon/solon/issues/332#issuecomment-2674330700", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.296560", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.296560", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.504454", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1585.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1585.json new file mode 100644 index 00000000000..d25e2ceecc2 --- /dev/null +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1585.json 
@@ -0,0 +1,148 @@ +{ + "id": "CVE-2025-1585", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-23T14:15:09.110", + "lastModified": "2025-02-23T14:15:09.110", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "cna@vuldb.com", + "tags": [ + "unsupported-when-assigned" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in otale tale up to 2.0.5. This issue affects the function OptionsService of the file src/main/resources/templates/themes/default/partial/header.html. The manipulation of the argument logo_url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + 
"modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/dragonkeep/cve/blob/main/Tale_Blog_xss.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.296561", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.296561", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.504937", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 5d7968d795b..5d29e535814 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-23T13:00:20.106564+00:00 +2025-02-23T15:00:19.783956+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-23T12:15:09.550000+00:00 +2025-02-23T14:15:09.110000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -282098 +282100 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2025-1581](CVE-2025/CVE-2025-15xx/CVE-2025-1581.json) (`2025-02-23T11:15:09.247`) -- [CVE-2025-1582](CVE-2025/CVE-2025-15xx/CVE-2025-1582.json) (`2025-02-23T12:15:08.470`) -- [CVE-2025-1583](CVE-2025/CVE-2025-15xx/CVE-2025-1583.json) (`2025-02-23T12:15:09.550`) +- [CVE-2025-1584](CVE-2025/CVE-2025-15xx/CVE-2025-1584.json) (`2025-02-23T13:15:09.253`) +- [CVE-2025-1585](CVE-2025/CVE-2025-15xx/CVE-2025-1585.json) (`2025-02-23T14:15:09.110`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 4f7e8a38916..0e31a6472df 100644 --- a/_state.csv +++ b/_state.csv 
@@ -279702,9 +279702,11 @@ CVE-2025-1577,0,0,511daa570f9ea062413f2bed6b33eae352829c776630ae7166a5c1ba24874b CVE-2025-1578,0,0,9663cb9a61689a740797a4de202f81544c2c3f2bf9e4fb29d5fb5a51628924ab,2025-02-23T08:15:08.187000 CVE-2025-1579,0,0,47f84216a9e36312caff9085c25b1754bae23eca9fa0ebf71bb86844e73f7fc4,2025-02-23T09:15:09.393000 CVE-2025-1580,0,0,6f6f51b8629fb2b91628569d15501b66d6e9cad6c386219f7f6f91a4bc91b70f,2025-02-23T10:15:09.623000 -CVE-2025-1581,1,1,a59b3f347128e6a660cebf7b38465027133f66623ab546c7611881afce6667c7,2025-02-23T11:15:09.247000 -CVE-2025-1582,1,1,eccc3f96b055af4e00c42f9af627cf47b694897b13522be44dbdeded6bc83e19,2025-02-23T12:15:08.470000 -CVE-2025-1583,1,1,e334029a00ce9698f70adf6d79ebbc5aa7ca8d5e8f2c14e2cccc3372b741a131,2025-02-23T12:15:09.550000 +CVE-2025-1581,0,0,a59b3f347128e6a660cebf7b38465027133f66623ab546c7611881afce6667c7,2025-02-23T11:15:09.247000 +CVE-2025-1582,0,0,eccc3f96b055af4e00c42f9af627cf47b694897b13522be44dbdeded6bc83e19,2025-02-23T12:15:08.470000 +CVE-2025-1583,0,0,e334029a00ce9698f70adf6d79ebbc5aa7ca8d5e8f2c14e2cccc3372b741a131,2025-02-23T12:15:09.550000 +CVE-2025-1584,1,1,37fcd8b8518ac69af859e6aafbe4aed7ba4463b3713232299f7e413d63714d3e,2025-02-23T13:15:09.253000 +CVE-2025-1585,1,1,07b81c4e240b6600cc73e2859ab1ee15472f06c39704fce5e3aa1ba0724b1eba,2025-02-23T14:15:09.110000 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20029,0,0,9b8781ac9a16d1f4940e1c86f8d87c8f1f8e66cb5b362950b6fdcd60c25126c4,2025-02-05T18:15:29.573000