Auto-Update: 2025-01-20T03:00:25.884996+00:00

This commit is contained in:
cad-safe-bot 2025-01-20 03:03:51 +00:00
parent 7a21209deb
commit d68ad64a2b
4 changed files with 207 additions and 8 deletions

View File

@ -0,0 +1,137 @@
{
"id": "CVE-2025-0578",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-20T02:15:18.913",
"lastModified": "2025-01-20T02:15:18.913",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Facile Sistemas Cloud Apps up to 20250107. It has been classified as problematic. Affected is an unknown function of the file /account/forgotpassword of the component Password Reset Handler. The manipulation of the argument reterros leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseScore": 4.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.292596",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.292596",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.476305",
"source": "cna@vuldb.com"
}
]
}

View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-0583",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2025-01-20T02:15:19.767",
"lastModified": "2025-01-20T02:15:19.767",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/en/cp-139-8369-cf396-2.html",
"source": "twcert@cert.org.tw"
},
{
"url": "https://www.twcert.org.tw/tw/cp-132-8368-1e317-1.html",
"source": "twcert@cert.org.tw"
}
]
}

View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-01-20T00:55:31.087944+00:00
2025-01-20T03:00:25.884996+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-01-20T00:15:16.320000+00:00
2025-01-20T02:15:19.767000+00:00
```
### Last Data Feed Release
@ -27,21 +27,21 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2025-01-19T01:00:04.361223+00:00
2025-01-20T01:00:04.380451+00:00
```
### Total Number of included CVEs
```plain
278125
278127
```
### CVEs added in the last Commit
Recently added CVEs: `2`
- [CVE-2025-0575](CVE-2025/CVE-2025-05xx/CVE-2025-0575.json) (`2025-01-19T23:15:20.013`)
- [CVE-2025-0576](CVE-2025/CVE-2025-05xx/CVE-2025-0576.json) (`2025-01-20T00:15:16.320`)
- [CVE-2025-0578](CVE-2025/CVE-2025-05xx/CVE-2025-0578.json) (`2025-01-20T02:15:18.913`)
- [CVE-2025-0583](CVE-2025/CVE-2025-05xx/CVE-2025-0583.json) (`2025-01-20T02:15:19.767`)
### CVEs modified in the last Commit

View File

@ -277318,8 +277318,10 @@ CVE-2025-0564,0,0,83206ab7d4a6b165cdb38999cbacf04d2d848dbd063370cc5da16a0083e91b
CVE-2025-0565,0,0,9e441f2e362b4078450931d0ef12dd08184a10cee05c1fd1b5de39e0c8230d42,2025-01-19T06:15:06.820000
CVE-2025-0566,0,0,29c988a17c3fb61aaa2263e5040acaf54697440fab1afb4ecce6f68279db4262,2025-01-19T07:15:06.407000
CVE-2025-0567,0,0,12e8fb9b6df8c41abec3a05439a422290094ca4ba107624ce5bfa8b951012bc1,2025-01-19T08:15:06.637000
CVE-2025-0575,1,1,d4d2531949ce585bd3baa2e011227dda5e0ee79ea48b13bf070b89056542be86,2025-01-19T23:15:20.013000
CVE-2025-0576,1,1,33042c2c9506f882ba6a621133bd8825c25f4dd36b4e81f06b5571a45795f2e3,2025-01-20T00:15:16.320000
CVE-2025-0575,0,0,d4d2531949ce585bd3baa2e011227dda5e0ee79ea48b13bf070b89056542be86,2025-01-19T23:15:20.013000
CVE-2025-0576,0,0,33042c2c9506f882ba6a621133bd8825c25f4dd36b4e81f06b5571a45795f2e3,2025-01-20T00:15:16.320000
CVE-2025-0578,1,1,764ff709c23ac6178f7d66316cb4aec54b2dfbe6625cd8cb6a69eb284ca4d3a9,2025-01-20T02:15:18.913000
CVE-2025-0583,1,1,8ed8078758003cecf37178786f4bd906ad77d831a470114523ae1b97531b8713,2025-01-20T02:15:19.767000
CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000
CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000
CVE-2025-20036,0,0,a1d7639f0e568c5953a2962f5a2be630b5737d729f8c4f565a3eec7e4bf19549,2025-01-15T17:15:18.950000

Can't render this file because it is too large.