mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2025-01-20T03:00:25.884996+00:00
This commit is contained in:
parent
7a21209deb
commit
d68ad64a2b
137
CVE-2025/CVE-2025-05xx/CVE-2025-0578.json
Normal file
137
CVE-2025/CVE-2025-05xx/CVE-2025-0578.json
Normal file
@ -0,0 +1,137 @@
|
||||
{
|
||||
"id": "CVE-2025-0578",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2025-01-20T02:15:18.913",
|
||||
"lastModified": "2025-01-20T02:15:18.913",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in Facile Sistemas Cloud Apps up to 20250107. It has been classified as problematic. Affected is an unknown function of the file /account/forgotpassword of the component Password Reset Handler. The manipulation of the argument reterros leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV40": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "4.0",
|
||||
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"attackRequirements": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"vulnerableSystemConfidentiality": "NONE",
|
||||
"vulnerableSystemIntegrity": "LOW",
|
||||
"vulnerableSystemAvailability": "NONE",
|
||||
"subsequentSystemConfidentiality": "NONE",
|
||||
"subsequentSystemIntegrity": "NONE",
|
||||
"subsequentSystemAvailability": "NONE",
|
||||
"exploitMaturity": "NOT_DEFINED",
|
||||
"confidentialityRequirements": "NOT_DEFINED",
|
||||
"integrityRequirements": "NOT_DEFINED",
|
||||
"availabilityRequirements": "NOT_DEFINED",
|
||||
"modifiedAttackVector": "NOT_DEFINED",
|
||||
"modifiedAttackComplexity": "NOT_DEFINED",
|
||||
"modifiedAttackRequirements": "NOT_DEFINED",
|
||||
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
||||
"modifiedUserInteraction": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
|
||||
"safety": "NOT_DEFINED",
|
||||
"automatable": "NOT_DEFINED",
|
||||
"recovery": "NOT_DEFINED",
|
||||
"valueDensity": "NOT_DEFINED",
|
||||
"vulnerabilityResponseEffort": "NOT_DEFINED",
|
||||
"providerUrgency": "NOT_DEFINED"
|
||||
}
|
||||
}
|
||||
],
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
|
||||
"baseScore": 3.5,
|
||||
"baseSeverity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE"
|
||||
},
|
||||
"exploitabilityScore": 2.1,
|
||||
"impactScore": 1.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
|
||||
"baseScore": 4.0,
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "SINGLE",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "NONE"
|
||||
},
|
||||
"baseSeverity": "MEDIUM",
|
||||
"exploitabilityScore": 8.0,
|
||||
"impactScore": 2.9,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-94"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.292596",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.292596",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.476305",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2025/CVE-2025-05xx/CVE-2025-0583.json
Normal file
60
CVE-2025/CVE-2025-05xx/CVE-2025-0583.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2025-0583",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2025-01-20T02:15:19.767",
|
||||
"lastModified": "2025-01-20T02:15:19.767",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/en/cp-139-8369-cf396-2.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
},
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-8368-1e317-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
12
README.md
12
README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2025-01-20T00:55:31.087944+00:00
|
||||
2025-01-20T03:00:25.884996+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2025-01-20T00:15:16.320000+00:00
|
||||
2025-01-20T02:15:19.767000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -27,21 +27,21 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
|
||||
|
||||
```plain
|
||||
2025-01-19T01:00:04.361223+00:00
|
||||
2025-01-20T01:00:04.380451+00:00
|
||||
```
|
||||
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
278125
|
||||
278127
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `2`
|
||||
|
||||
- [CVE-2025-0575](CVE-2025/CVE-2025-05xx/CVE-2025-0575.json) (`2025-01-19T23:15:20.013`)
|
||||
- [CVE-2025-0576](CVE-2025/CVE-2025-05xx/CVE-2025-0576.json) (`2025-01-20T00:15:16.320`)
|
||||
- [CVE-2025-0578](CVE-2025/CVE-2025-05xx/CVE-2025-0578.json) (`2025-01-20T02:15:18.913`)
|
||||
- [CVE-2025-0583](CVE-2025/CVE-2025-05xx/CVE-2025-0583.json) (`2025-01-20T02:15:19.767`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
@ -277318,8 +277318,10 @@ CVE-2025-0564,0,0,83206ab7d4a6b165cdb38999cbacf04d2d848dbd063370cc5da16a0083e91b
|
||||
CVE-2025-0565,0,0,9e441f2e362b4078450931d0ef12dd08184a10cee05c1fd1b5de39e0c8230d42,2025-01-19T06:15:06.820000
|
||||
CVE-2025-0566,0,0,29c988a17c3fb61aaa2263e5040acaf54697440fab1afb4ecce6f68279db4262,2025-01-19T07:15:06.407000
|
||||
CVE-2025-0567,0,0,12e8fb9b6df8c41abec3a05439a422290094ca4ba107624ce5bfa8b951012bc1,2025-01-19T08:15:06.637000
|
||||
CVE-2025-0575,1,1,d4d2531949ce585bd3baa2e011227dda5e0ee79ea48b13bf070b89056542be86,2025-01-19T23:15:20.013000
|
||||
CVE-2025-0576,1,1,33042c2c9506f882ba6a621133bd8825c25f4dd36b4e81f06b5571a45795f2e3,2025-01-20T00:15:16.320000
|
||||
CVE-2025-0575,0,0,d4d2531949ce585bd3baa2e011227dda5e0ee79ea48b13bf070b89056542be86,2025-01-19T23:15:20.013000
|
||||
CVE-2025-0576,0,0,33042c2c9506f882ba6a621133bd8825c25f4dd36b4e81f06b5571a45795f2e3,2025-01-20T00:15:16.320000
|
||||
CVE-2025-0578,1,1,764ff709c23ac6178f7d66316cb4aec54b2dfbe6625cd8cb6a69eb284ca4d3a9,2025-01-20T02:15:18.913000
|
||||
CVE-2025-0583,1,1,8ed8078758003cecf37178786f4bd906ad77d831a470114523ae1b97531b8713,2025-01-20T02:15:19.767000
|
||||
CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000
|
||||
CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000
|
||||
CVE-2025-20036,0,0,a1d7639f0e568c5953a2962f5a2be630b5737d729f8c4f565a3eec7e4bf19549,2025-01-15T17:15:18.950000
|
||||
|
Can't render this file because it is too large.
|
Loading…
x
Reference in New Issue
Block a user