From d68ad64a2be26a7719c0a69463256937cacfd05a Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 20 Jan 2025 03:03:51 +0000 Subject: [PATCH] Auto-Update: 2025-01-20T03:00:25.884996+00:00 --- CVE-2025/CVE-2025-05xx/CVE-2025-0578.json | 137 ++++++++++++++++++++++ CVE-2025/CVE-2025-05xx/CVE-2025-0583.json | 60 ++++++++++ README.md | 12 +- _state.csv | 6 +- 4 files changed, 207 insertions(+), 8 deletions(-) create mode 100644 CVE-2025/CVE-2025-05xx/CVE-2025-0578.json create mode 100644 CVE-2025/CVE-2025-05xx/CVE-2025-0583.json diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0578.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0578.json new file mode 100644 index 00000000000..55e6196728f --- /dev/null +++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0578.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-0578", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-20T02:15:18.913", + "lastModified": "2025-01-20T02:15:18.913", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Facile Sistemas Cloud Apps up to 20250107. It has been classified as problematic. Affected is an unknown function of the file /account/forgotpassword of the component Password Reset Handler. The manipulation of the argument reterros leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.292596", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.292596", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.476305", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0583.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0583.json new file mode 100644 index 00000000000..2cb9590501f --- /dev/null +++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0583.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-0583", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2025-01-20T02:15:19.767", + "lastModified": "2025-01-20T02:15:19.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/en/cp-139-8369-cf396-2.html", + "source": "twcert@cert.org.tw" + }, + { + "url": "https://www.twcert.org.tw/tw/cp-132-8368-1e317-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a85f5e695da..77faa043b7f 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-20T00:55:31.087944+00:00 +2025-01-20T03:00:25.884996+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-20T00:15:16.320000+00:00 +2025-01-20T02:15:19.767000+00:00 ``` ### Last Data Feed Release @@ -27,21 +27,21 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2025-01-19T01:00:04.361223+00:00 +2025-01-20T01:00:04.380451+00:00 ``` ### Total Number of included CVEs ```plain -278125 +278127 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -- [CVE-2025-0575](CVE-2025/CVE-2025-05xx/CVE-2025-0575.json) (`2025-01-19T23:15:20.013`) -- [CVE-2025-0576](CVE-2025/CVE-2025-05xx/CVE-2025-0576.json) (`2025-01-20T00:15:16.320`) +- [CVE-2025-0578](CVE-2025/CVE-2025-05xx/CVE-2025-0578.json) (`2025-01-20T02:15:18.913`) +- [CVE-2025-0583](CVE-2025/CVE-2025-05xx/CVE-2025-0583.json) (`2025-01-20T02:15:19.767`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 1bc107aa4d7..44a462fd3fd 100644 --- a/_state.csv +++ b/_state.csv @@ -277318,8 +277318,10 @@ CVE-2025-0564,0,0,83206ab7d4a6b165cdb38999cbacf04d2d848dbd063370cc5da16a0083e91b CVE-2025-0565,0,0,9e441f2e362b4078450931d0ef12dd08184a10cee05c1fd1b5de39e0c8230d42,2025-01-19T06:15:06.820000 CVE-2025-0566,0,0,29c988a17c3fb61aaa2263e5040acaf54697440fab1afb4ecce6f68279db4262,2025-01-19T07:15:06.407000 CVE-2025-0567,0,0,12e8fb9b6df8c41abec3a05439a422290094ca4ba107624ce5bfa8b951012bc1,2025-01-19T08:15:06.637000 -CVE-2025-0575,1,1,d4d2531949ce585bd3baa2e011227dda5e0ee79ea48b13bf070b89056542be86,2025-01-19T23:15:20.013000 -CVE-2025-0576,1,1,33042c2c9506f882ba6a621133bd8825c25f4dd36b4e81f06b5571a45795f2e3,2025-01-20T00:15:16.320000 +CVE-2025-0575,0,0,d4d2531949ce585bd3baa2e011227dda5e0ee79ea48b13bf070b89056542be86,2025-01-19T23:15:20.013000 +CVE-2025-0576,0,0,33042c2c9506f882ba6a621133bd8825c25f4dd36b4e81f06b5571a45795f2e3,2025-01-20T00:15:16.320000 +CVE-2025-0578,1,1,764ff709c23ac6178f7d66316cb4aec54b2dfbe6625cd8cb6a69eb284ca4d3a9,2025-01-20T02:15:18.913000 +CVE-2025-0583,1,1,8ed8078758003cecf37178786f4bd906ad77d831a470114523ae1b97531b8713,2025-01-20T02:15:19.767000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000 CVE-2025-20036,0,0,a1d7639f0e568c5953a2962f5a2be630b5737d729f8c4f565a3eec7e4bf19549,2025-01-15T17:15:18.950000