admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-04-05T22:00:26.251361+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-04-05 22:04:07 +00:00
parent 61d1f99010
commit e6cd0b4e1b
7 changed files with 384 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
CVE-2025/CVE-2025-323xx/CVE-2025-32357.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32357",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-05T21:15:39.450",
"lastModified": "2025-04-05T21:15:39.450",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://zammad.com/en/advisories/zaa-2025-04",
"source": "cve@mitre.org"
}
]
}

56
CVE-2025/CVE-2025-323xx/CVE-2025-32358.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32358",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-05T21:15:40.487",
"lastModified": "2025-04-05T21:15:40.487",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This could be abused by an attacker to cause GET requests for example in the local network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://zammad.com/en/advisories/zaa-2025-01",
"source": "cve@mitre.org"
}
]
}

56
CVE-2025/CVE-2025-323xx/CVE-2025-32359.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32359",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-05T21:15:40.657",
"lastModified": "2025-04-05T21:15:40.657",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not when using the API directly."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-602"
}
]
}
],
"references": [
{
"url": "https://zammad.com/en/advisories/zaa-2025-02",
"source": "cve@mitre.org"
}
]
}

56
CVE-2025/CVE-2025-323xx/CVE-2025-32360.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32360",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-05T21:15:40.820",
"lastModified": "2025-04-05T21:15:40.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information, and also to manipulate them via API."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-402"
}
]
}
],
"references": [
{
"url": "https://zammad.com/en/advisories/zaa-2025-03",
"source": "cve@mitre.org"
}
]
}

145
CVE-2025/CVE-2025-33xx/CVE-2025-3303.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-3303",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-05T21:15:40.990",
"lastModified": "2025-04-05T21:15:40.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in code-projects Patient Record Management System 1.0. Affected by this issue is some unknown functionality of the file /birthing_record.php. The manipulation of the argument itr_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/hyfhacker/cve/blob/main/README.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.303500",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.303500",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.549644",
"source": "cna@vuldb.com"
}
]
}

14
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-04-05T20:00:26.478129+00:00
2025-04-05T22:00:26.251361+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-04-05T19:15:38.857000+00:00
2025-04-05T21:15:40.990000+00:00
```
### Last Data Feed Release
@ -33,14 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
288694
288699
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `5`
- [CVE-2024-56370](CVE-2024/CVE-2024-563xx/CVE-2024-56370.json) (`2025-04-05T19:15:38.857`)
- [CVE-2025-32357](CVE-2025/CVE-2025-323xx/CVE-2025-32357.json) (`2025-04-05T21:15:39.450`)
- [CVE-2025-32358](CVE-2025/CVE-2025-323xx/CVE-2025-32358.json) (`2025-04-05T21:15:40.487`)
- [CVE-2025-32359](CVE-2025/CVE-2025-323xx/CVE-2025-32359.json) (`2025-04-05T21:15:40.657`)
- [CVE-2025-32360](CVE-2025/CVE-2025-323xx/CVE-2025-32360.json) (`2025-04-05T21:15:40.820`)
- [CVE-2025-3303](CVE-2025/CVE-2025-33xx/CVE-2025-3303.json) (`2025-04-05T21:15:40.990`)
### CVEs modified in the last Commit

7
_state.csv
View File

@ -276161,7 +276161,7 @@ CVE-2024-56366,0,0,dbee9ffdd288482f1f83bfde5c1fc74ab25ff3567b18ee35b0e7194292799
CVE-2024-56368,0,0,3fcf15405e5d098a7d36ecb9520617c7fca5345251aca6249179f3e1c86517d0,2025-01-11T13:15:28.530000
CVE-2024-56369,0,0,3c8472717567d8bf18ec0d8e83a626d55afe4bbcb99b2a53e44807eb7ad97aa3,2025-01-16T15:18:59.237000
CVE-2024-5637,0,0,a5e32b0dfdcc3b00fa1c534a6efa8caef39b80f083f1c956c246ad8a83c6df00,2024-11-21T09:48:04.030000
CVE-2024-56370,1,1,40e6bc309d8859813320835f6ee12c3e8f55c8f4f51dc54624bd3a9a3a4c27fc,2025-04-05T19:15:38.857000
CVE-2024-56370,0,0,40e6bc309d8859813320835f6ee12c3e8f55c8f4f51dc54624bd3a9a3a4c27fc,2025-04-05T19:15:38.857000
CVE-2024-56372,0,0,90a1aabf121e4966bb6f781ef40b9ea4a8ff306749512dfc68df7e160a9b150b,2025-01-11T13:15:28.873000
CVE-2024-56374,0,0,91d6bf2640ab08f01eee0fcea596536908a920126e7285157c89b5a637fa554c,2025-01-23T18:15:32.820000
CVE-2024-56375,0,0,1aeae50409e14309fb31af7dcf320eae7189e473177b68d63698866c2c62cd0b,2024-12-26T06:15:06.203000
@ -288664,7 +288664,11 @@ CVE-2025-3229,0,0,09347180a6a7f828e0747f2ed45b00fdd7a1f719f9ab350e19aecf2c1c123a
CVE-2025-3231,0,0,de2ff2a8c76e38c6b06f54c3981a381c63043cd187dc0f869ed608d2e9e7696c,2025-04-04T09:15:17.677000
CVE-2025-3235,0,0,d022d5157edbac8fbfeb9141a3748050787bdf76ed78cf441cd594af050e5131,2025-04-04T10:15:16.900000
CVE-2025-32352,0,0,9ba6350b6807916f69f8382d7df9501c6c2329ac3a6a0d75e0f3016720f7409b,2025-04-05T06:15:39.653000
CVE-2025-32357,1,1,27abd7042cea71911e380a30cf2ee5e0c91d9ec3620cbbf72dd4615bb1fb5596,2025-04-05T21:15:39.450000
CVE-2025-32358,1,1,67f5b1d9deade3a8e2f00fa4d4b975cbdf610a67d2a521e969fe3583fb55c4c4,2025-04-05T21:15:40.487000
CVE-2025-32359,1,1,6187ae8290a450bd8a82a6b72c5b30b3aadac60db493fd3c72b75d8db5408564,2025-04-05T21:15:40.657000
CVE-2025-3236,0,0,5d4e067380b83b38fff7db048531cbbf8dd6b43b2fc6d26b5d090f351b090b28,2025-04-04T10:15:17.177000
CVE-2025-32360,1,1,0e74289220e4b285c0e8748f3e1650706d339f80b6d12512f31f5c70a948d5d7,2025-04-05T21:15:40.820000
CVE-2025-3237,0,0,2b0634913d301c0209a0690fb90ddcaa8b200550805a1d4ec2db149b30fd4af2,2025-04-04T10:15:17.383000
CVE-2025-3238,0,0,49b7638c423114327b5e6867f71919ab552663d9bb2b5517ae05eef59b2968e0,2025-04-04T10:15:17.577000
CVE-2025-3239,0,0,a890b57275ecd0351eb57a0ff486b7b7ddc21d7a21c77a8b45094fdc21902b92,2025-04-04T11:15:40.393000
@ -288693,3 +288697,4 @@ CVE-2025-3296,0,0,5278e4507cd14730bc804831f53bf0aedaa27d34c9989bac9ff3f425fd80e6
CVE-2025-3297,0,0,9d657205cb1e1fa121cd9d46f1e89f67c4e384343683d67c9067920e028e61b5,2025-04-05T09:15:15.237000
CVE-2025-3298,0,0,f489b37e862b9985c9c03fe106e95e8b15c160be3e8c5296a92578b4574edfe4,2025-04-05T11:15:40.917000
CVE-2025-3299,0,0,bddd729a6927cb255675ce738cd015969a7cc6b02a8cfe6feb6b634f6ef818b7,2025-04-05T11:15:41.180000
CVE-2025-3303,1,1,6221e6ee3090234e52eafd095ff7bb4444c418778b5f3445b7a8782971faacf3,2025-04-05T21:15:40.990000

Can't render this file because it is too large.