From a148206511c0f0507ded4ebedb84aec2f8fb5cc3 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 23 Feb 2025 23:03:46 +0000
Subject: [PATCH] Auto-Update: 2025-02-23T23:00:20.057715+00:00
---
 CVE-2025/CVE-2025-15xx/CVE-2025-1594.json | 149 ++++++++++++++++++++++
 CVE-2025/CVE-2025-15xx/CVE-2025-1595.json | 141 ++++++++++++++++++++
 README.md | 14 +-
 _state.csv | 10 +-
 4 files changed, 302 insertions(+), 12 deletions(-)
 create mode 100644 CVE-2025/CVE-2025-15xx/CVE-2025-1594.json
 create mode 100644 CVE-2025/CVE-2025-15xx/CVE-2025-1595.json
diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1594.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1594.json
new file mode 100644
index 00000000000..ba78d2d2f38
--- /dev/null
+++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1594.json
@@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-1594", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-23T21:15:09.130", + "lastModified": "2025-02-23T21:15:09.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://ffmpeg.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://trac.ffmpeg.org/attachment/ticket/11418/poc", + "source": "cna@vuldb.com" + }, + { + "url": "https://trac.ffmpeg.org/ticket/11418#comment:3", + "source": 
"cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.296589", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.296589", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.496929", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1595.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1595.json new file mode 100644 index 00000000000..943190be4d7 --- /dev/null +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1595.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-1595", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-23T22:15:08.190", + "lastModified": "2025-02-23T22:15:08.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. This vulnerability affects unknown code of the file /api/v1/getbaseconfig. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + 
"modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/MH521/POC/blob/main/EasyCVR-%E8%A7%86%E9%A2%91%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0getbaseconfig%E6%8E%A5%E5%8F%A3%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE.md", + 
"source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.296590", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.296590", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.497485", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index ca9726f8d4e..ae822e446ab 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-23T21:00:20.253775+00:00 +2025-02-23T23:00:20.057715+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-23T20:15:09.210000+00:00 +2025-02-23T22:15:08.190000+00:00 ``` ### Last Data Feed Release @@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -282109 +282111 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `2` -- [CVE-2025-1590](CVE-2025/CVE-2025-15xx/CVE-2025-1590.json) (`2025-02-23T19:15:08.780`) -- [CVE-2025-1591](CVE-2025/CVE-2025-15xx/CVE-2025-1591.json) (`2025-02-23T19:15:09.407`) -- [CVE-2025-1592](CVE-2025/CVE-2025-15xx/CVE-2025-1592.json) (`2025-02-23T20:15:08.243`) -- [CVE-2025-1593](CVE-2025/CVE-2025-15xx/CVE-2025-1593.json) (`2025-02-23T20:15:09.210`) +- [CVE-2025-1594](CVE-2025/CVE-2025-15xx/CVE-2025-1594.json) (`2025-02-23T21:15:09.130`) +- [CVE-2025-1595](CVE-2025/CVE-2025-15xx/CVE-2025-1595.json) (`2025-02-23T22:15:08.190`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index e67db1b32e3..87f4f664f47 100644 --- a/_state.csv +++ b/_state.csv 
@@ -279712,10 +279712,12 @@ CVE-2025-1586,0,0,2e1988f52d595a1d9d9f6b46c7e86dfce63fd00ec8e302d63927e1f91f2ed4 CVE-2025-1587,0,0,549a7c2656a2ae2fbc91f2512a9c195c906f315a63875bedbfb98906fe2b2d89,2025-02-23T15:15:10.107000 CVE-2025-1588,0,0,276dd8268245c9486b93f77f6f34e5eeb8a013f4706e2808775c4a29407629d1,2025-02-23T16:15:08.637000 CVE-2025-1589,0,0,d59fc53f1317cf37da767c9f2425cbb5d54c2378befb855f03beb5810fb4efb2,2025-02-23T18:15:08.427000 -CVE-2025-1590,1,1,1ad11388bda41ec07012eaa5c62864adb695bbc852c9bed8b8d1be07e6420b3b,2025-02-23T19:15:08.780000 -CVE-2025-1591,1,1,91c7d35b1ff2c9c2952c39df19b5abd917f99e119dd68d46b75056f9e01502d1,2025-02-23T19:15:09.407000 -CVE-2025-1592,1,1,177cec6067e9eb1dfc0a71399c1200f508d2234a34e7b7bd8fcd77ea2d8364e0,2025-02-23T20:15:08.243000 -CVE-2025-1593,1,1,11816f1e28eb1338430f195be710ad934058ffe6425c7c51bd54af6ada593384,2025-02-23T20:15:09.210000 +CVE-2025-1590,0,0,1ad11388bda41ec07012eaa5c62864adb695bbc852c9bed8b8d1be07e6420b3b,2025-02-23T19:15:08.780000 +CVE-2025-1591,0,0,91c7d35b1ff2c9c2952c39df19b5abd917f99e119dd68d46b75056f9e01502d1,2025-02-23T19:15:09.407000 +CVE-2025-1592,0,0,177cec6067e9eb1dfc0a71399c1200f508d2234a34e7b7bd8fcd77ea2d8364e0,2025-02-23T20:15:08.243000 +CVE-2025-1593,0,0,11816f1e28eb1338430f195be710ad934058ffe6425c7c51bd54af6ada593384,2025-02-23T20:15:09.210000 +CVE-2025-1594,1,1,82c79599ad23aee2986f472f3c7284952e11d3aa1cfc1fb2cbaff9ee1e59a908,2025-02-23T21:15:09.130000 +CVE-2025-1595,1,1,2ebe71182f4cc97d68ea9808877b92817e3a7b934ff3df86e77453509bcc9f2d,2025-02-23T22:15:08.190000 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20029,0,0,9b8781ac9a16d1f4940e1c86f8d87c8f1f8e66cb5b362950b6fdcd60c25126c4,2025-02-05T18:15:29.573000