From 1c8ec8c3af917c2d1d1f3aae50fe303f26abd0cd Mon Sep 17 00:00:00 2001 From: github-actions Date: Sat, 18 Jan 2025 14:04:28 +0000 Subject: [PATCH] NVD Sync 2025-01-18 14:04 --- cve/2025/CVE-2025-0558.json | 1 + syncdate.json | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 cve/2025/CVE-2025-0558.json diff --git a/cve/2025/CVE-2025-0558.json b/cve/2025/CVE-2025-0558.json new file mode 100644 index 00000000000..d8b44cb5366 --- /dev/null +++ b/cve/2025/CVE-2025-0558.json @@ -0,0 +1 @@ +{"cve": {"id": "CVE-2025-0558", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-18T13:15:20.417", "lastModified": "2025-01-18T13:15:20.417", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. This vulnerability affects the function QueryProThemeRequest of the file src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java. The manipulation of the argument color leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "subsequentSystemAvailability": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "safety": "NOT_DEFINED", "automatable": "NOT_DEFINED", "recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "cna@vuldb.com", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "cna@vuldb.com", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://github.com/ggg48966/123123/blob/main/TDuckCloud.md", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.292492", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.292492", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.474613", "source": "cna@vuldb.com"}]}} \ No newline at end of file diff --git a/syncdate.json b/syncdate.json index f7a77189fee..53955c77173 100644 --- a/syncdate.json +++ b/syncdate.json @@ -1,10 +1,10 @@ { "vulnerabilities": { - "lastModStartDate": "2025-01-18T10:02:53.410", - "lastModEndDate": "2025-01-18T12:03:05.917" + "lastModStartDate": "2025-01-18T12:03:05.917", + "lastModEndDate": "2025-01-18T14:04:24.173" }, "matchStrings": { - "lastModStartDate": "2025-01-18T10:02:52.973", - "lastModEndDate": "2025-01-18T12:03:05.870" + "lastModStartDate": "2025-01-18T12:03:05.870", + "lastModEndDate": "2025-01-18T14:04:23.737" } } \ No newline at end of file