Auto-Update: 2025-04-01T23:55:19.839239+00:00

cad-safe-bot 2025-04-01 23:58:57 +00:00
parent 71988a8d5c
commit e668abbb59
6 changed files with 1207 additions and 1083 deletions


@ -0,0 +1,21 @@
{
"id": "CVE-2023-46988",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-01T22:15:20.023",
"lastModified": "2025-04-01T22:15:20.023",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and before allows a remote attacker to obtain sensitive information via a crafted file upload."
}
],
"metrics": {},
"references": [
{
"url": "https://medium.com/@mihat2/onlyoffice-document-server-path-traversal-fdd573fec291",
"source": "cve@mitre.org"
}
]
}


@ -2,13 +2,13 @@
"id": "CVE-2024-20439", "id": "CVE-2024-20439",
"sourceIdentifier": "psirt@cisco.com", "sourceIdentifier": "psirt@cisco.com",
"published": "2024-09-04T17:15:13.210", "published": "2024-09-04T17:15:13.210",
"lastModified": "2025-04-01T01:00:02.487", "lastModified": "2025-04-01T22:15:20.950",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.\r\n\r\nThis vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application." "value": "A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential.\r\n\r This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API."
}, },
{ {
"lang": "es", "lang": "es",


@ -0,0 +1,86 @@
{
"id": "CVE-2025-30356",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-01T22:15:21.297",
"lastModified": "2025-04-01T22:15:21.297",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent unsafe calculations. As a result, an attacker can still craft malicious frames that cause a negative tf_payload_len, which is then interpreted as a large unsigned value, leading to a heap buffer overflow in a memcpy call."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-191"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://github.com/nasa/CryptoLib/commit/59d1bce7608c94c6131ef4877535075b0649799c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-6w2x-w7w3-85w2",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2025-31135",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-01T22:15:21.437",
"lastModified": "2025-04-01T22:15:21.437",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is considered part of the exchange between client and server, so the client is free to send further PROXY commands with whatever data it pleases. go-guerrilla will treat these as coming from the reverse proxy, allowing a client to spoof its IP address. This vulnerability is fixed in 1.6.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/phires/go-guerrilla/commit/7673947f2d5204a135d7ae0b7f80759e548abee6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/phires/go-guerrilla/security/advisories/GHSA-c2c3-pqw5-5p7c",
"source": "security-advisories@github.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2025-04-01T22:00:20.744375+00:00 2025-04-01T23:55:19.839239+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2025-04-01T21:23:31.500000+00:00 2025-04-01T22:15:21.437000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,69 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
288154 288157
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `61` Recently added CVEs: `3`
- [CVE-2025-31525](CVE-2025/CVE-2025-315xx/CVE-2025-31525.json) (`2025-04-01T21:15:48.723`) - [CVE-2023-46988](CVE-2023/CVE-2023-469xx/CVE-2023-46988.json) (`2025-04-01T22:15:20.023`)
- [CVE-2025-31531](CVE-2025/CVE-2025-315xx/CVE-2025-31531.json) (`2025-04-01T21:15:48.873`) - [CVE-2025-30356](CVE-2025/CVE-2025-303xx/CVE-2025-30356.json) (`2025-04-01T22:15:21.297`)
- [CVE-2025-31534](CVE-2025/CVE-2025-315xx/CVE-2025-31534.json) (`2025-04-01T21:15:49.017`) - [CVE-2025-31135](CVE-2025/CVE-2025-311xx/CVE-2025-31135.json) (`2025-04-01T22:15:21.437`)
- [CVE-2025-31537](CVE-2025/CVE-2025-315xx/CVE-2025-31537.json) (`2025-04-01T21:15:49.170`)
- [CVE-2025-31548](CVE-2025/CVE-2025-315xx/CVE-2025-31548.json) (`2025-04-01T21:15:49.313`)
- [CVE-2025-31550](CVE-2025/CVE-2025-315xx/CVE-2025-31550.json) (`2025-04-01T21:15:49.463`)
- [CVE-2025-31551](CVE-2025/CVE-2025-315xx/CVE-2025-31551.json) (`2025-04-01T21:15:49.613`)
- [CVE-2025-31552](CVE-2025/CVE-2025-315xx/CVE-2025-31552.json) (`2025-04-01T21:15:49.760`)
- [CVE-2025-31553](CVE-2025/CVE-2025-315xx/CVE-2025-31553.json) (`2025-04-01T21:15:49.910`)
- [CVE-2025-31560](CVE-2025/CVE-2025-315xx/CVE-2025-31560.json) (`2025-04-01T21:15:50.060`)
- [CVE-2025-31561](CVE-2025/CVE-2025-315xx/CVE-2025-31561.json) (`2025-04-01T21:15:50.197`)
- [CVE-2025-31563](CVE-2025/CVE-2025-315xx/CVE-2025-31563.json) (`2025-04-01T21:15:50.340`)
- [CVE-2025-31564](CVE-2025/CVE-2025-315xx/CVE-2025-31564.json) (`2025-04-01T21:15:50.490`)
- [CVE-2025-31568](CVE-2025/CVE-2025-315xx/CVE-2025-31568.json) (`2025-04-01T21:15:50.640`)
- [CVE-2025-31571](CVE-2025/CVE-2025-315xx/CVE-2025-31571.json) (`2025-04-01T21:15:50.780`)
- [CVE-2025-31578](CVE-2025/CVE-2025-315xx/CVE-2025-31578.json) (`2025-04-01T21:15:50.930`)
- [CVE-2025-31579](CVE-2025/CVE-2025-315xx/CVE-2025-31579.json) (`2025-04-01T21:15:51.087`)
- [CVE-2025-31580](CVE-2025/CVE-2025-315xx/CVE-2025-31580.json) (`2025-04-01T21:15:51.233`)
- [CVE-2025-31594](CVE-2025/CVE-2025-315xx/CVE-2025-31594.json) (`2025-04-01T21:15:51.390`)
- [CVE-2025-31612](CVE-2025/CVE-2025-316xx/CVE-2025-31612.json) (`2025-04-01T21:15:51.533`)
- [CVE-2025-31619](CVE-2025/CVE-2025-316xx/CVE-2025-31619.json) (`2025-04-01T21:15:51.690`)
- [CVE-2025-31628](CVE-2025/CVE-2025-316xx/CVE-2025-31628.json) (`2025-04-01T21:15:51.833`)
- [CVE-2025-31753](CVE-2025/CVE-2025-317xx/CVE-2025-31753.json) (`2025-04-01T21:15:52.430`)
- [CVE-2025-31819](CVE-2025/CVE-2025-318xx/CVE-2025-31819.json) (`2025-04-01T21:15:53.473`)
- [CVE-2025-31889](CVE-2025/CVE-2025-318xx/CVE-2025-31889.json) (`2025-04-01T21:15:53.633`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `963` Recently modified CVEs: `1`
- [CVE-2025-31873](CVE-2025/CVE-2025-318xx/CVE-2025-31873.json) (`2025-04-01T20:26:01.990`) - [CVE-2024-20439](CVE-2024/CVE-2024-204xx/CVE-2024-20439.json) (`2025-04-01T22:15:20.950`)
- [CVE-2025-31874](CVE-2025/CVE-2025-318xx/CVE-2025-31874.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31875](CVE-2025/CVE-2025-318xx/CVE-2025-31875.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31877](CVE-2025/CVE-2025-318xx/CVE-2025-31877.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31878](CVE-2025/CVE-2025-318xx/CVE-2025-31878.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31879](CVE-2025/CVE-2025-318xx/CVE-2025-31879.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31880](CVE-2025/CVE-2025-318xx/CVE-2025-31880.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31881](CVE-2025/CVE-2025-318xx/CVE-2025-31881.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31882](CVE-2025/CVE-2025-318xx/CVE-2025-31882.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31883](CVE-2025/CVE-2025-318xx/CVE-2025-31883.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31884](CVE-2025/CVE-2025-318xx/CVE-2025-31884.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31885](CVE-2025/CVE-2025-318xx/CVE-2025-31885.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31886](CVE-2025/CVE-2025-318xx/CVE-2025-31886.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31887](CVE-2025/CVE-2025-318xx/CVE-2025-31887.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31888](CVE-2025/CVE-2025-318xx/CVE-2025-31888.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31890](CVE-2025/CVE-2025-318xx/CVE-2025-31890.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31891](CVE-2025/CVE-2025-318xx/CVE-2025-31891.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31892](CVE-2025/CVE-2025-318xx/CVE-2025-31892.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31894](CVE-2025/CVE-2025-318xx/CVE-2025-31894.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31895](CVE-2025/CVE-2025-318xx/CVE-2025-31895.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31897](CVE-2025/CVE-2025-318xx/CVE-2025-31897.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31904](CVE-2025/CVE-2025-319xx/CVE-2025-31904.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31906](CVE-2025/CVE-2025-319xx/CVE-2025-31906.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31908](CVE-2025/CVE-2025-319xx/CVE-2025-31908.json) (`2025-04-01T20:26:01.990`)
- [CVE-2025-31910](CVE-2025/CVE-2025-319xx/CVE-2025-31910.json) (`2025-04-01T20:26:01.990`)
## Download and Usage ## Download and Usage

2053
_state.csv

File diff suppressed because it is too large Load Diff