From ae4a70aae316feab6195e7f6e7f20a46ca7731f4 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 13 Jan 2025 00:59:02 +0000
Subject: [PATCH] Auto-Update: 2025-01-13T00:55:35.954495+00:00
---
CVE-2025/CVE-2025-03xx/CVE-2025-0399.json | 145 ++++++++++++++++++++++
CVE-2025/CVE-2025-04xx/CVE-2025-0400.json | 145 ++++++++++++++++++++++
CVE-2025/CVE-2025-04xx/CVE-2025-0401.json | 141 +++++++++++++++++++++
CVE-2025/CVE-2025-04xx/CVE-2025-0402.json | 145 ++++++++++++++++++++++
CVE-2025/CVE-2025-04xx/CVE-2025-0403.json | 145 ++++++++++++++++++++++
README.md | 19 +--
_state.csv | 13 +-
7 files changed, 740 insertions(+), 13 deletions(-)
create mode 100644 CVE-2025/CVE-2025-03xx/CVE-2025-0399.json
create mode 100644 CVE-2025/CVE-2025-04xx/CVE-2025-0400.json
create mode 100644 CVE-2025/CVE-2025-04xx/CVE-2025-0401.json
create mode 100644 CVE-2025/CVE-2025-04xx/CVE-2025-0402.json
create mode 100644 CVE-2025/CVE-2025-04xx/CVE-2025-0403.json
diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0399.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0399.json
new file mode 100644
index 00000000000..5e47c4da3ac
--- /dev/null
+++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0399.json
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-0399", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-12T23:15:07.050", + "lastModified": "2025-01-12T23:15:07.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in StarSea99 starsea-mall 1.0. It has been declared as critical. This vulnerability affects the function UploadController of the file src/main/java/com/siro/mall/controller/common/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": 
"NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/StarSea99/starsea-mall/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/StarSea99/starsea-mall/issues/3#issue-2765550309", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.291274", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.291274", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.473319", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-04xx/CVE-2025-0400.json b/CVE-2025/CVE-2025-04xx/CVE-2025-0400.json new file mode 100644 index 00000000000..8f904020c7c --- /dev/null +++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0400.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-0400", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-12T23:15:07.260", + "lastModified": "2025-01-12T23:15:07.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in StarSea99 starsea-mall 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/categories/update. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/StarSea99/starsea-mall/issues/5", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/StarSea99/starsea-mall/issues/5#issue-2765562635", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.291275", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.291275", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.473321", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-04xx/CVE-2025-0401.json b/CVE-2025/CVE-2025-04xx/CVE-2025-0401.json new file mode 100644 index 00000000000..d617239c7d4 --- /dev/null +++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0401.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-0401", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-13T00:15:06.807", + "lastModified": "2025-01-13T00:15:06.807", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/1902756969/reggie/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/1902756969/reggie/issues/1#issue-2765577260", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.291276", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?id.291276", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.473322", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-04xx/CVE-2025-0402.json b/CVE-2025/CVE-2025-04xx/CVE-2025-0402.json new file mode 100644 index 00000000000..150c500345a --- /dev/null +++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0402.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-0402", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-13T00:15:07.707", + "lastModified": "2025-01-13T00:15:07.707", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in 1902756969 reggie 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/1902756969/reggie/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/1902756969/reggie/issues/2#issue-2765582342", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.291277", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.291277", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.473324", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-04xx/CVE-2025-0403.json b/CVE-2025/CVE-2025-04xx/CVE-2025-0403.json new file mode 100644 index 00000000000..c90b7d309ae --- /dev/null +++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0403.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-0403", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-13T00:15:07.873", + "lastModified": "2025-01-13T00:15:07.873", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in 1902756969 reggie 1.0. Affected by this issue is some unknown functionality of the file /user/sendMsg of the component Phone Number Validation Handler. The manipulation of the argument code leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": 
"NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/1902756969/reggie/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/1902756969/reggie/issues/3#issue-2765587336", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.291278", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.291278", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.473325", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 009cf9f7678..7cff1ab0ca5 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-12T23:00:19.003237+00:00 +2025-01-13T00:55:35.954495+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-12T22:15:07.120000+00:00 +2025-01-13T00:15:07.873000+00:00 ``` ### Last Data Feed Release @@ -33,23 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -276807 +276812 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `5` -- [CVE-2024-42179](CVE-2024/CVE-2024-421xx/CVE-2024-42179.json) (`2025-01-12T22:15:05.923`) -- [CVE-2024-42180](CVE-2024/CVE-2024-421xx/CVE-2024-42180.json) (`2025-01-12T22:15:06.983`) -- [CVE-2024-42181](CVE-2024/CVE-2024-421xx/CVE-2024-42181.json) (`2025-01-12T22:15:07.120`) +- [CVE-2025-0399](CVE-2025/CVE-2025-03xx/CVE-2025-0399.json) (`2025-01-12T23:15:07.050`) +- [CVE-2025-0400](CVE-2025/CVE-2025-04xx/CVE-2025-0400.json) (`2025-01-12T23:15:07.260`) +- [CVE-2025-0401](CVE-2025/CVE-2025-04xx/CVE-2025-0401.json) (`2025-01-13T00:15:06.807`) +- [CVE-2025-0402](CVE-2025/CVE-2025-04xx/CVE-2025-0402.json) (`2025-01-13T00:15:07.707`) +- [CVE-2025-0403](CVE-2025/CVE-2025-04xx/CVE-2025-0403.json) (`2025-01-13T00:15:07.873`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2021-30184](CVE-2021/CVE-2021-301xx/CVE-2021-30184.json) (`2025-01-12T21:15:18.060`) ## Download and Usage diff --git a/_state.csv b/_state.csv index ecbf61012fa..d5f29d32c32 100644 
--- a/_state.csv +++ b/_state.csv @@ -174634,7 +174634,7 @@ CVE-2021-3018,0,0,16a69cd64423ff75efb63619f9a5bc638521e6df58a32ead2cc5567610cebc CVE-2021-30180,0,0,7cf81cc599fadc0c20fdd3a5abc81cda7123eb332cd47eb8bd17bd575ef305a0,2024-11-21T06:03:28.323000 CVE-2021-30181,0,0,d8fcd3967f52d37d1b1114ecf3da35baf14a6e2fb74e758e7addad33d08f57c9,2024-11-21T06:03:28.430000 CVE-2021-30183,0,0,7ea7e0d54eb37f228d38c6f0b4325b1256e6a54168f67cbaa007aff05965ee09,2024-11-21T06:03:28.540000 -CVE-2021-30184,0,1,3a205c0ba3164533a6ea5ecf3ccc8d5c345bb0e2e1aafc13c7d67dce042245b1,2025-01-12T21:15:18.060000 +CVE-2021-30184,0,0,3a205c0ba3164533a6ea5ecf3ccc8d5c345bb0e2e1aafc13c7d67dce042245b1,2025-01-12T21:15:18.060000 CVE-2021-30185,0,0,33671a84071bb74ff145adf9921b67106974918df0329b277aa949cbf63e8964,2024-11-21T06:03:28.857000 CVE-2021-30186,0,0,ffee1b429d0d16421a8a6ba6e83418690d13d62feac75cf1a5c802ffb35f3fa5,2024-11-21T06:03:29.010000 CVE-2021-30187,0,0,1c6cb8aa67bc4cfcd92846829bb73641f6e508da16ea87e5a428cc6cd657b31a,2024-11-21T06:03:29.160000 
@@ -263227,10 +263227,10 @@ CVE-2024-42172,0,0,225fcad75eabc6687a4f18f7362b2adb3c25abd093cdc9d59c7996b0d4e7c CVE-2024-42173,0,0,44f315b59e5db8539983c783dcc88b531da6958c918975bbf10efa6c538c20d2,2025-01-11T07:15:08.927000 CVE-2024-42174,0,0,3f28820a9bd8cf8cf9d334457ab9a1a64b4e8c40d794a897f768f73624ecc250,2025-01-11T07:15:09.110000 CVE-2024-42175,0,0,15ace39e893c1bff8b7e16e522cde4b95b5af743307f180322bb8a85d03c4238,2025-01-11T08:15:26.343000 -CVE-2024-42179,1,1,5e44a06faf5de646efa63bdd22e13e75061d112a56d64113167a2850a68fdec4,2025-01-12T22:15:05.923000 +CVE-2024-42179,0,0,5e44a06faf5de646efa63bdd22e13e75061d112a56d64113167a2850a68fdec4,2025-01-12T22:15:05.923000 CVE-2024-4218,0,0,7a0061e75f27495a7259e5a50ce11715685411290c6b771dfa8c54d8a57b046e,2024-11-21T09:42:24.667000 -CVE-2024-42180,1,1,b8981c5f4c283ce4938fb12f4fb994e8d974d1368c48899ad7966d2aeeeb05af,2025-01-12T22:15:06.983000 -CVE-2024-42181,1,1,e7ae476db729412a07da99fe69c05026658c00a62acd974cd71c0fba47129e81,2025-01-12T22:15:07.120000 +CVE-2024-42180,0,0,b8981c5f4c283ce4938fb12f4fb994e8d974d1368c48899ad7966d2aeeeb05af,2025-01-12T22:15:06.983000 +CVE-2024-42181,0,0,e7ae476db729412a07da99fe69c05026658c00a62acd974cd71c0fba47129e81,2025-01-12T22:15:07.120000 CVE-2024-42188,0,0,a8278cfe50e3ca68bde755bed653483d11589c1acd3e94c1e7362476b4ce136e,2024-11-15T13:58:08.913000 CVE-2024-4219,0,0,cd28361343cc861bde40c0bbbee1aabb101ed013946c5589d3ba0dabbead402f,2024-11-21T09:42:24.783000 CVE-2024-42194,0,0,af3a202d05f65dc11d1d1e7b62226f11c65e5914cb08b7ffa3083b3f3386e580,2024-12-17T18:15:23.590000 
@@ -276561,6 +276561,11 @@ CVE-2025-0392,0,0,aa9606366d99278451746d2e901d7f278b325bf8d4482ec56713b1565fb0cf CVE-2025-0396,0,0,40cf499d3af0887461cef0ee82c838ac2a8e455615e0ec1716aab5bb9b6cf389,2025-01-12T12:15:17.963000 CVE-2025-0397,0,0,3df48a7f37b6ddd991a6e6b1d0d3d26e3ecb37c3bfeb145a466570cacbe4e525,2025-01-12T13:15:07.333000 CVE-2025-0398,0,0,afd394c257e601522591072049c131282d9fd441fccfb2024d6a2bacf7579a14,2025-01-12T14:15:08.993000 +CVE-2025-0399,1,1,d60b1b6ef61b0ec183b16fa9fb492e99dc1a626abcc7c266cc75d7da6f283ba1,2025-01-12T23:15:07.050000 +CVE-2025-0400,1,1,e75b7707074f3934617e4387fdd7dc444ef02cd9e555bb333b33000d55af7a84,2025-01-12T23:15:07.260000 +CVE-2025-0401,1,1,387e19a2812b1284381b4c9d44a677a221e0b3ef26759604ce2f59eba2070a83,2025-01-13T00:15:06.807000 +CVE-2025-0402,1,1,9535638fcb03e30ea11b5c4b5bbda52e7fa7f3950ffb295da164028bcd69947c,2025-01-13T00:15:07.707000 +CVE-2025-0403,1,1,410c24d6d1526a0b93f1cc8d7a91ca28b7a89a1c34c372c6fcb34f8a0ae69847,2025-01-13T00:15:07.873000 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000 CVE-2025-20123,0,0,54512af23f890abd1fef44213c66523a0b62c1420699fcab5bda08e37f5f4455,2025-01-08T16:15:38.150000 CVE-2025-20126,0,0,0fcc9383f8a59c5e0d551ae3c2ee7933f9c74701d79731c282030a0992412e7d,2025-01-08T19:15:38.553000