diff --git a/vulnerabilities/pipelines/nvd_importer.py b/vulnerabilities/pipelines/nvd_importer.py index 645b9f442..bd204364d 100644 --- a/vulnerabilities/pipelines/nvd_importer.py +++ b/vulnerabilities/pipelines/nvd_importer.py @@ -94,7 +94,7 @@ def advisories_count(self): return advisory_count def collect_advisories(self) -> Iterable[AdvisoryData]: - for _year, cve_data in fetch_cve_data_1_1(logger=self.log): + for _year, cve_data in fetch_cve_data_2_0(logger=self.log): yield from to_advisories(cve_data=cve_data) @@ -107,7 +107,7 @@ def fetch(url, logger=None): return json.loads(data) -def fetch_cve_data_1_1(starting_year=2002, logger=None): +def fetch_cve_data_2_0(starting_year=2002, logger=None): """ Yield tuples of (year, lists of CVE mappings) from the NVD, one for each year since ``starting_year`` defaulting to 2002. @@ -115,7 +115,7 @@ def fetch_cve_data_1_1(starting_year=2002, logger=None): current_year = date.today().year # NVD json feeds start from 2002. for year in range(starting_year, current_year + 1): - download_url = f"https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-{year}.json.gz" + download_url = f"https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-{year}.json.gz" yield year, fetch(url=download_url, logger=logger) @@ -134,12 +134,14 @@ class CveItem: cve_item = attr.attrib(default=attr.Factory(dict), type=dict) @classmethod - def to_advisories(cls, cve_data, skip_hardware=True): + def to_advisories(cls, vulnerabilities, skip_hardware=True): """ Yield AdvisoryData objects from ``cve_data`` data for CVE JSON 1.1feed. Skip hardware """ - for cve_item in CveItem.from_cve_data(cve_data=cve_data, skip_hardware=skip_hardware): + for cve_item in CveItem.from_cve_data( + vulnerabilities=vulnerabilities, skip_hardware=skip_hardware + ): yield cve_item.to_advisory() @classmethod 
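Review bot: CVSS severities appear to be lost by the switch to the 2.0 feed in `collect_advisories`: the regenerated `nvd-expected.json` further down this page has `"severities": []` on every NVD reference, where the removed expectations carried a `cvssv2` value and vector. The new test fixture keeps scores under `cve["metrics"]["cvssMetricV31"]` and no hunk in this commit reads `metrics`, so the severity extraction (outside the visible hunks) presumably still looks for the 1.1 `impact` block and silently finds nothing. Anything downstream that ranks or filters advisories by score would then treat these CVEs as unscored without raising an error. Port the extraction to `metrics` in the same change, and add a test that asserts the `9.8` / `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` pair already present in the fixture.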
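Review bot: `CveItem.to_advisories` now calls `CveItem.from_cve_data(vulnerabilities=vulnerabilities, ...)`, but the following hunk's header and its new body (`cve_data.get("vulnerabilities")`) show `from_cve_data(cls, cve_data, skip_hardware=True)` still taking `cve_data`, so the keyword call raises `TypeError` as soon as the generator is iterated. Any caller that passes `cve_data=` to `to_advisories` would fail the same way after the rename; none is visible in this hunk, so that part needs checking. Keeping the old parameter name avoids both problems: `def to_advisories(cls, cve_data, skip_hardware=True):` with `CveItem.from_cve_data(cve_data=cve_data, skip_hardware=skip_hardware)`. The docstring still says "CVE JSON 1.1feed" and should be updated to `CVE JSON 2.0 feed`.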
@@ -147,7 +149,7 @@ def from_cve_data(cls, cve_data, skip_hardware=True): """ Yield CVE items mapping from a cve_data list of CVE mappings from the NVD. """ - for cve_item in cve_data.get("CVE_Items") or []: + for cve_item in cve_data.get("vulnerabilities") or []: if not cve_item: continue if not isinstance(cve_item, dict): @@ -159,20 +161,20 @@ def from_cve_data(cls, cve_data, skip_hardware=True): @property def cve_id(self): - return self.cve_item["cve"]["CVE_data_meta"]["ID"] + return self.cve_item["cve"]["id"] @property def summary(self): """ Return a descriptive summary. """ - # In 99% of cases len(cve_item['cve']['description']['description_data']) == 1 , so - # this usually returns cve_item['cve']['description']['description_data'][0]['value'] + # In 99% of cases len(cve_item['cve']['description']) == 1 , so + # this usually returns cve_item['cve']['description'][0]['value'] # In the remaining 1% cases this returns the longest summary. - # FIXME: we should retun the full description WITH the summry as the first line instead + # FIXME: we should return the full description WITH the summary as the first line instead summaries = [] - for desc in get_item(self.cve_item, "cve", "description", "description_data") or []: - if desc.get("value"): + for desc in get_item(self.cve_item, "cve", "descriptions") or []: + if desc.get("value") and desc.get("lang") == "en": summaries.append(desc["value"]) return max(summaries, key=len) if summaries else None 
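Review bot: The rewritten comment in `summary` names `cve_item['cve']['description']` while the loop reads the `descriptions` key, and its "99% of cases len(...) == 1" claim no longer matches the 2.0 data, since the new test fixture carries both an `en` and an `es` entry. The behaviour that matters now is the language filter, so the comment should say that instead: `# NVD 2.0 lists one description per language under cve_item['cve']['descriptions'];` followed by `# keep the English entries and return the longest one.` The docstring could also note that the property returns `None` when a record has no English description, which the new `desc.get("lang") == "en"` condition makes possible.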
@@ -183,11 +185,12 @@ def cpes(self): """ # FIXME: we completely ignore the configurations here cpes = [] - for node in get_item(self.cve_item, "configurations", "nodes") or []: - for cpe_data in node.get("cpe_match") or []: - cpe23_uri = cpe_data.get("cpe23Uri") - if cpe23_uri and cpe23_uri not in cpes: - cpes.append(cpe23_uri) + for nodes in get_item(self.cve_item, "cve", "configurations") or []: + for node in nodes.get("nodes") or []: + for cpe_data in node.get("cpeMatch") or []: + cpe23_uri = cpe_data.get("criteria") + if cpe23_uri and cpe23_uri not in cpes: + cpes.append(cpe23_uri) return cpes @property @@ -243,7 +246,7 @@ def reference_urls(self): # FIXME: we should also collect additional data from the references such as tags and ids urls = [] - for reference in get_item(self.cve_item, "cve", "references", "reference_data") or []: + for reference in get_item(self.cve_item, "cve", "references") or []: ref_url = reference.get("url") if ref_url and ref_url.startswith(("http", "ftp")) and ref_url not in urls: urls.append(ref_url) @@ -294,9 +297,7 @@ def weaknesses(self): Return a list of CWE IDs like: [119, 189] """ weaknesses = [] - for weaknesses_item in ( - get_item(self.cve_item, "cve", "problemtype", "problemtype_data") or [] - ): + for weaknesses_item in get_item(self.cve_item, "cve", "weaknesses") or []: weaknesses_description = weaknesses_item.get("description") or [] for weaknesses_value in weaknesses_description: cwe_id = ( @@ -315,7 +316,7 @@ def to_advisory(self): aliases=[self.cve_id], summary=self.summary, references=self.references, - date_published=dateparser.parse(self.cve_item.get("publishedDate")), + date_published=dateparser.parse(self.cve_item["cve"].get("published")), weaknesses=self.weaknesses, url=f"https://nvd.nist.gov/vuln/detail/{self.cve_id}", ) diff --git a/vulnerabilities/tests/pipelines/test_nvd_importer_pipeline.py b/vulnerabilities/tests/pipelines/test_nvd_importer_pipeline.py index 5b90ca986..b97527327 100644 
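Review bot: `weaknesses` now returns duplicate CWE IDs, which the regenerated `nvd-expected.json` on this page bakes in as `74, 89, 89` for CVE-2025-0168 and CVE-2025-0171. The 2.0 records carry one `weaknesses` entry per source (the fixture shows `"type": "Secondary"` entries), so iterating all of them repeats an ID whenever two sources agree. The loop body continues past this hunk, so the exact append is not visible, but a membership guard in the style `cpes` already uses would keep the list unique and ordered: `if cwe_id not in weaknesses:` before `weaknesses.append(cwe_id)`. The expected JSON should be regenerated afterwards so the duplicates are not asserted as correct.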
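Review bot: `date_published` in `to_advisory` becomes a naive datetime with this change: the 2.0 `published` strings have no offset (`"2025-06-13T12:15:34.403"` in the fixture), and the regenerated expectations drop the `+00:00` suffix the 1.1 values had (`2012-07-25T19:55:00+00:00` became `2025-01-01T14:15:23.590000`). Mixing naive and aware timestamps across importers can break comparisons or shift the ordering of advisories, depending on how they are stored downstream. Confirm the zone NVD documents for this field and attach it explicitly after parsing, for example `published = dateparser.parse(...)` then `published.replace(tzinfo=timezone.utc)` if it is UTC. A short comment on the line, such as `# NVD 2.0 timestamps carry no offset; normalised to UTC here`, would record the decision.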
--- a/vulnerabilities/tests/pipelines/test_nvd_importer_pipeline.py +++ b/vulnerabilities/tests/pipelines/test_nvd_importer_pipeline.py 
@@ -76,96 +76,331 @@ def test_to_advisories_marks_rejected_cve(regen=REGEN): # TODO: use a JSON fixtures instead def get_test_cve_item(): - return { "cve": { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": {"ID": "CVE-2005-4895", "ASSIGNER": "cve@mitre.org"}, - "problemtype": { - "problemtype_data": [{"description": [{"lang": "en", "value": "CWE-189"}]}] - }, - "references": { - "reference_data": [ - { - "url": "http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog", - "name": "http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog", - "refsource": "CONFIRM", - "tags": [], - }, - { - "url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/", - "name": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/", - "refsource": "MISC", - "tags": [], - }, - ] - }, - "description": { - "description_data": [ + "id": "CVE-2025-45988", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-13T12:15:34.403", + "lastModified": "2025-07-10T12:16:15.107", + "vulnStatus": "Analyzed", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cmd parameter in the bs_SetCmd function.", + }, + { + "lang": "es", + "value": "Se descubrió que los enrutadores Blink BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 y BL-X26_DA3 v1.2.7 contenían múltiples vulnerabilidades de inyección de comandos a través del parámetro cmd en la función bs_SetCmd.", + }, + ], + "metrics": { + "cvssMetricV31": [ { - "lang": "en", - "value": "Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it 
easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9, } ] }, - }, - "configurations": { - "CVE_data_version": "4.0", - "nodes": [ + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [{"lang": "en", "value": "CWE-77"}], + } + ], + "configurations": [ { - "operator": "OR", - "cpe_match": [ + "operator": "AND", + "nodes": [ { - "vulnerable": True, - "cpe23Uri": "cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*", + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": True, + "criteria": "cpe:2.3:o:b-link:bl-wr9000_firmware:2.4.9:*:*:*:*:*:*:*", + "matchCriteriaId": "0D1A3280-9C15-4961-8C69-9ECE34528FDB", + } + ], }, { - "vulnerable": True, - "cpe23Uri": "cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*", + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": False, + "criteria": "cpe:2.3:h:b-link:bl-wr9000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2D5ADB0D-6D03-448A-A0F3-7C238A20AF46", + } + ], }, + ], + }, + { + "operator": "AND", + "nodes": [ { - "vulnerable": True, - "cpe23Uri": "cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*", - "versionEndIncluding": "0.3", + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": True, + "criteria": "cpe:2.3:o:b-link:bl-ac1900_firmware:1.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": 
"BE554304-8F2B-40A1-98CB-DE641B4CCE61", + } + ], + }, + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": False, + "criteria": "cpe:2.3:h:b-link:bl-ac1900:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2C5CA5E8-C497-475E-B0CE-6F54B6E9BFA8", + } + ], + }, + ], + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": True, + "criteria": "cpe:2.3:o:b-link:bl-ac2100_az3_firmware:1.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "05E31365-4655-4B8D-9B75-AE70292C12C3", + } + ], + }, + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": False, + "criteria": "cpe:2.3:h:b-link:bl-ac2100_az3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B134A86-F380-4BE4-9CEC-5CBAE046CF8B", + } + ], + }, + ], + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": True, + "criteria": "cpe:2.3:o:b-link:bl-x10_ac8_firmware:1.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "AAA6D548-72E1-435B-8EDB-50C1C258CE9C", + } + ], + }, + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": False, + "criteria": "cpe:2.3:h:b-link:bl-x10_ac8:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B153FF75-DDAF-4B43-8D54-C8211C607C2C", + } + ], }, ], + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": True, + "criteria": "cpe:2.3:o:b-link:bl-lte300_firmware:1.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "8907D058-539D-44B8-BC30-EC137B4C6841", + } + ], + }, + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": False, + "criteria": "cpe:2.3:h:b-link:bl-lte300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4CD2D0EC-F71B-4CD6-8013-EDCDE49B6BC9", + } + ], + }, + ], + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": True, + "criteria": "cpe:2.3:o:b-link:bl-f1200_at1_firmware:1.0.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "3DD8A5B3-0FF1-4512-9AEB-68A801956085", + } + ], + }, + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": False, + "criteria": "cpe:2.3:h:b-link:bl-f1200_at1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9391FA6B-40EF-4A53-9B38-3F5EA0611970", + } + ], + }, + ], + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": True, + "criteria": "cpe:2.3:o:b-link:bl-x26_ac8_firmware:1.2.8:*:*:*:*:*:*:*", + "matchCriteriaId": "FCE90D05-D32B-4C52-917C-024FB4814751", + } + ], + }, + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": False, + "criteria": "cpe:2.3:h:b-link:bl-x26_ac8:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A13AD09A-4BF0-49B9-AB05-439D34413C81", + } + ], + }, + ], + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": True, + "criteria": "cpe:2.3:o:b-link:blac450m_ae4_firmware:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5422B990-7572-42A1-89C4-D8FEEEC066ED", + } + ], + }, + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": False, + "criteria": "cpe:2.3:h:b-link:blac450m_ae4:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A469F008-B95F-480C-A677-43E6D448FEEB", + } + ], + }, + ], + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": True, + "criteria": "cpe:2.3:o:b-link:bl-x26_da3_firmware:1.2.7:*:*:*:*:*:*:*", + "matchCriteriaId": "D3D8F5C4-F1A2-4E88-A795-DEAC4E77B3C1", + } + ], + }, + { + "operator": "OR", + "negate": False, + "cpeMatch": [ + { + "vulnerable": False, + "criteria": "cpe:2.3:h:b-link:bl-x26_da3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1C8F576A-7D13-4311-9FDD-9BFB4E5705D8", + } + ], + }, + ], + }, + ], + "references": [ + { + "url": 
"https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_cmd%20Indicates%20the%20unauthorized%20command%20injection/The%20LB-LINK_cmd%20command%20is%20used%20to%20inject%20information.md", + "source": "cve@mitre.org", + "tags": ["Exploit"], } ], - }, - "impact": { - "baseMetricV2": { - "cvssV2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "accessVector": "NETWORK", - "accessComplexity": "LOW", - "authentication": "NONE", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "availabilityImpact": "PARTIAL", - "baseScore": 5.0, - }, - "severity": "MEDIUM", - "exploitabilityScore": 10.0, - "impactScore": 2.9, - "obtainAllPrivilege": False, - "obtainUserPrivilege": False, - "obtainOtherPrivilege": False, - "userInteractionRequired": False, - } - }, - "publishedDate": "2012-07-25T19:55Z", - "lastModifiedDate": "2012-08-09T04:00Z", + } } def test_CveItem_cpes(): expected_cpes = [ - "cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*", - "cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*", - "cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*", + "cpe:2.3:o:b-link:bl-wr9000_firmware:2.4.9:*:*:*:*:*:*:*", + "cpe:2.3:h:b-link:bl-wr9000:-:*:*:*:*:*:*:*", + "cpe:2.3:o:b-link:bl-ac1900_firmware:1.0.2:*:*:*:*:*:*:*", + "cpe:2.3:h:b-link:bl-ac1900:-:*:*:*:*:*:*:*", + "cpe:2.3:o:b-link:bl-ac2100_az3_firmware:1.0.4:*:*:*:*:*:*:*", + "cpe:2.3:h:b-link:bl-ac2100_az3:-:*:*:*:*:*:*:*", + "cpe:2.3:o:b-link:bl-x10_ac8_firmware:1.0.5:*:*:*:*:*:*:*", + "cpe:2.3:h:b-link:bl-x10_ac8:-:*:*:*:*:*:*:*", + "cpe:2.3:o:b-link:bl-lte300_firmware:1.2.3:*:*:*:*:*:*:*", + "cpe:2.3:h:b-link:bl-lte300:-:*:*:*:*:*:*:*", + "cpe:2.3:o:b-link:bl-f1200_at1_firmware:1.0.0:*:*:*:*:*:*:*", + "cpe:2.3:h:b-link:bl-f1200_at1:-:*:*:*:*:*:*:*", + "cpe:2.3:o:b-link:bl-x26_ac8_firmware:1.2.8:*:*:*:*:*:*:*", + "cpe:2.3:h:b-link:bl-x26_ac8:-:*:*:*:*:*:*:*", + "cpe:2.3:o:b-link:blac450m_ae4_firmware:4.0.0:*:*:*:*:*:*:*", + "cpe:2.3:h:b-link:blac450m_ae4:-:*:*:*:*:*:*:*", + 
"cpe:2.3:o:b-link:bl-x26_da3_firmware:1.2.7:*:*:*:*:*:*:*", + "cpe:2.3:h:b-link:bl-x26_da3:-:*:*:*:*:*:*:*", ] found_cpes = nvd_importer.CveItem(cve_item=get_test_cve_item()).cpes @@ -182,10 +417,10 @@ def test_is_related_to_hardware(): def test_CveItem_summary_with_single_summary(): expected_summary = ( - "Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools " - "before 0.4 make it easier for context-dependent attackers to perform memory-related " - "attacks such as buffer overflows via a large size value, which causes less memory to " - "be allocated than expected." + "Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , " + "BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 " + "v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command " + "injection vulnerabilities via the cmd parameter in the bs_SetCmd function." ) assert nvd_importer.CveItem(cve_item=get_test_cve_item()).summary == expected_summary @@ -193,8 +428,7 @@ def test_CveItem_summary_with_single_summary(): def test_CveItem_reference_urls(): expected_urls = [ - "http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog", - "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/", + "https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_cmd%20Indicates%20the%20unauthorized%20command%20injection/The%20LB-LINK_cmd%20command%20is%20used%20to%20inject%20information.md" ] assert nvd_importer.CveItem(cve_item=get_test_cve_item()).reference_urls == expected_urls diff --git a/vulnerabilities/tests/test_data/nvd/nvd-expected.json b/vulnerabilities/tests/test_data/nvd/nvd-expected.json index 7d5482fe5..d673aece2 100644 --- a/vulnerabilities/tests/test_data/nvd/nvd-expected.json +++ b/vulnerabilities/tests/test_data/nvd/nvd-expected.json 
@@ -1,396 +1,144 @@ [ { "aliases": [ - "CVE-2005-4895" + "CVE-2025-0168" ], - "summary": "Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.", + "summary": "A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. This affects an unknown part of the file /_parse/_feedback_system.php. The manipulation of the argument person leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", "affected_packages": [], "references": [ { "reference_id": "", "reference_type": "", - "url": "http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog", + "url": "https://code-projects.org/", "severities": [] }, { "reference_id": "", "reference_type": "", - "url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/", + "url": "https://github.com/UnrealdDei/cve/blob/main/sql11.md", "severities": [] }, { - "reference_id": "CVE-2005-4895", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4895", - "severities": [ - { - "system": "cvssv2", - "value": "5.0", - "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" - } - ] + "url": "https://vuldb.com/?ctiid.289917", + "severities": [] }, { - "reference_id": "cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*", + "url": "https://vuldb.com/?id.289917", "severities": [] }, { - "reference_id": "cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*", + "reference_id": "", "reference_type": "", - "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*", + "url": "https://vuldb.com/?submit.473107", "severities": [] }, { - "reference_id": "cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*", + "reference_id": "CVE-2025-0168", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0168", + "severities": [] + }, + { + "reference_id": "cpe:2.3:a:anisha:job_recruitment:1.0:*:*:*:*:*:*:*", + "reference_type": "", + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:anisha:job_recruitment:1.0:*:*:*:*:*:*:*", "severities": [] } ], - "date_published": "2012-07-25T19:55:00+00:00", + "date_published": "2025-01-01T14:15:23.590000", "weaknesses": [ - 189 + 74, + 89, + 89 ], - "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4895" + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0168" }, { "aliases": [ - "CVE-2003-0001" + "CVE-2025-22214" ], - "summary": "Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.", + "summary": "Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection.", "affected_packages": [], "references": [ { "reference_id": "", "reference_type": "", - "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "http://marc.info/?l=bugtraq&m=104222046632243&w=2", + "url": "https://github.com/Zerone0x00/CVE/blob/main/%E8%93%9D%E5%87%8CEISsql%E6%B3%A8%E5%85%A5/1.md", "severities": [] }, { - "reference_id": "", + "reference_id": "CVE-2025-22214", 
"reference_type": "", - "url": "http://secunia.com/advisories/7996", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22214", "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "http://www.atstake.com/research/advisories/2003/a010603-1.txt", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "http://www.kb.cert.org/vuls/id/412115", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "http://www.osvdb.org/9962", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "http://www.redhat.com/support/errata/RHSA-2003-025.html", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "http://www.redhat.com/support/errata/RHSA-2003-088.html", - "severities": [] - }, + } + ], + "date_published": "2025-01-02T04:15:06.277000", + "weaknesses": [ + 89 + ], + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22214" + }, + { + "aliases": [ + "CVE-2025-0171" + ], + "summary": "A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/deleteuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. 
The exploit has been disclosed to the public and may be used.", + "affected_packages": [], + "references": [ { "reference_id": "", "reference_type": "", - "url": "http://www.securityfocus.com/archive/1/305335/30/26420/threaded", + "url": "https://code-projects.org/", "severities": [] }, { "reference_id": "", "reference_type": "", - "url": "http://www.securityfocus.com/archive/1/307564/30/26270/threaded", + "url": "https://github.com/Sinon2003/cve/blob/main/sql_inject1.md", "severities": [] }, { "reference_id": "", "reference_type": "", - "url": "http://www.securitytracker.com/id/1031583", + "url": "https://vuldb.com/?ctiid.289938", "severities": [] }, { "reference_id": "", "reference_type": "", - "url": "http://www.securitytracker.com/id/1040185", + "url": "https://vuldb.com/?id.289938", "severities": [] }, { "reference_id": "", "reference_type": "", - "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665", - "severities": [] - }, - { - "reference_id": "CVE-2003-0001", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0001", - "severities": [ - { - "system": "cvssv2", - "value": "5.0", - "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" - } - ] - }, - { - "reference_id": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", - 
"severities": [] - }, - { - "reference_id": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", - "reference_type": "", - "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", - "reference_type": "", - "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", - "reference_type": "", - "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*", - "reference_type": "", - "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", - "severities": [] - }, - { - "reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", - "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", + "url": "https://vuldb.com/?submit.473143", "severities": [] }, { - "reference_id": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", + "reference_id": "CVE-2025-0171", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0171", "severities": [] }, { - "reference_id": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", + "reference_id": "cpe:2.3:a:code-projects:chat_system:1.0:*:*:*:*:*:*:*", "reference_type": "", - "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", + "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:code-projects:chat_system:1.0:*:*:*:*:*:*:*", "severities": [] } ], - "date_published": "2003-01-17T05:00:00+00:00", + "date_published": "2025-01-02T15:15:25.550000", "weaknesses": [ - 200 + 74, + 89, + 89 ], - "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2003-0001"
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0171"
 }
 ]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/nvd/nvd-rejected-expected.json b/vulnerabilities/tests/test_data/nvd/nvd-rejected-expected.json
index 71a50e410..a687abf27 100644
--- a/vulnerabilities/tests/test_data/nvd/nvd-rejected-expected.json
+++ b/vulnerabilities/tests/test_data/nvd/nvd-rejected-expected.json
@@ -1,20 +1,20 @@
 [
 {
 "aliases": [
- "CVE-2022-0094"
+ "CVE-1999-1310"
 ],
- "summary": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.",
+ "summary": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1022. Reason: This candidate is a duplicate of CVE-1999-1022. Notes: All CVE users should reference CVE-1999-1022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
 "affected_packages": [],
 "references": [
 {
- "reference_id": "CVE-2022-0094",
+ "reference_id": "CVE-1999-1310",
 "reference_type": "",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0094",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1310",
 "severities": []
 }
 ],
- "date_published": "2023-05-12T05:15:00+00:00",
+ "date_published": "1994-11-04T05:00:00",
 "weaknesses": [],
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0094"
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1310"
 }
 ]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/nvd/nvd_test.json b/vulnerabilities/tests/test_data/nvd/nvd_test.json
index 5bb675aa5..73acf8956 100644
--- a/vulnerabilities/tests/test_data/nvd/nvd_test.json
+++ b/vulnerabilities/tests/test_data/nvd/nvd_test.json
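Review bot: In nvd-rejected-expected.json the new `date_published` value `1994-11-04T05:00:00` has lost the `+00:00` offset that the removed line carried, so the advisory now records a naive timestamp; the expected file patched just before it shows the same (`2025-01-02T15:15:25.550000`). The 2.0 feed's `published` field has no zone suffix where the 1.1 feed had `Z`, so the importer presumably stores the parsed value as-is; the parsing code is outside this hunk. I would attach UTC when parsing and have the fixture expect `"date_published": "1994-11-04T05:00:00+00:00",`, since mixing naive and offset-aware publication dates across importers breaks ordering and comparison downstream.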
@@ -1,552 +1,408 @@ { - "CVE_data_type": "CVE", - "CVE_data_format": "MITRE", - "CVE_data_version": "4.0", - "CVE_data_numberOfCVEs": "4758", - "CVE_data_timestamp": "2020-07-29T09:05Z", - "CVE_Items": [ - { - "cve": { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2005-4895", - "ASSIGNER": "cve@mitre.org" - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "en", - "value": "CWE-189" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog", - "name": "http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog", - "refsource": "CONFIRM", - "tags": [] - }, - { - "url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/", - "name": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/", - "refsource": "MISC", - "tags": [] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "en", - "value": "Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected." 
- } - ] - } - }, - "configurations": { - "CVE_data_version": "4.0", - "nodes": [ - { - "operator": "OR", - "cpe_match": [ - { - "vulnerable": true, - "cpe23Uri": "cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*" - }, - { - "vulnerable": true, - "cpe23Uri": "cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*" - }, - { - "vulnerable": true, - "cpe23Uri": "cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*", - "versionEndIncluding": "0.3" - } - ] - } - ] - }, - "impact": { - "baseMetricV2": { - "cvssV2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "accessVector": "NETWORK", - "accessComplexity": "LOW", - "authentication": "NONE", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "availabilityImpact": "PARTIAL", - "baseScore": 5.0 - }, - "severity": "MEDIUM", - "exploitabilityScore": 10.0, - "impactScore": 2.9, - "obtainAllPrivilege": false, - "obtainUserPrivilege": false, - "obtainOtherPrivilege": false, - "userInteractionRequired": false - } - }, - "publishedDate": "2012-07-25T19:55Z", - "lastModifiedDate": "2012-08-09T04:00Z" - }, - { - "cve": { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2005-4900", - "ASSIGNER": "cve@mitre.org" - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "en", - "value": "CWE-326" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "http://ia.cr/2007/474", - "name": "2007", - "refsource": "MISC", - "tags": [ - "Third Party Advisory" - ] - }, - { - "url": "http://shattered.io/", - "name": "http://shattered.io/", - "refsource": "MISC", - "tags": [] - }, - { - "url": "http://www.cwi.nl/news/2017/cwi-and-google-announce-first-collision-industry-security-standard-sha-1", - "name": "http://www.cwi.nl/news/2017/cwi-and-google-announce-first-collision-industry-security-standard-sha-1", - "refsource": "MISC", - "tags": [] - }, - { - "url": "http://www.securityfocus.com/bid/12577", - "name": 
"exceedsDBexceedsDBexceedsDBexceedsDBexceedsDBexceedsDB", - "refsource": "BID", - "tags": [] - }, - { - "url": "https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/", - "name": "https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/", - "refsource": "MISC", - "tags": [] - }, - { - "url": "https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html", - "name": "https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html", - "refsource": "MISC", - "tags": [ - "Third Party Advisory" - ] - }, - { - "url": "https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html", - "name": "https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html", - "refsource": "MISC", - "tags": [] - }, - { - "url": "https://sites.google.com/site/itstheshappening", - "name": "https://sites.google.com/site/itstheshappening", - "refsource": "MISC", - "tags": [ - "Third Party Advisory" - ] - }, - { - "url": "https://www.schneier.com/blog/archives/2005/02/sha1_broken.html", - "name": "https://www.schneier.com/blog/archives/2005/02/sha1_broken.html", - "refsource": "MISC", - "tags": [ - "Third Party Advisory" - ] - }, - { - "url": "https://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html", - "name": "https://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html", - "refsource": "MISC", - "tags": [ - "Third Party Advisory" - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "en", - "value": "SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation." 
- }, - { - "lang": "en", - "value": "SHA-1 is likely present in a large number of products across the entire IT sector. The applicability statement for this CVE will be updated when specific products are identified, as time and resources permit." - } - ] - } - }, - "configurations": { - "CVE_data_version": "4.0", - "nodes": [ - { - "operator": "OR", - "cpe_match": [ - { - "vulnerable": true, - "cpe23Uri": "cpe:2.3:h:google:chrome:*:*:*:*:*:*:*:*", - "versionEndIncluding": "47.0.2526.111" - } - ] - } - ] - }, - "impact": { - "baseMetricV3": { - "cvssV3": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "attackVector": "NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.9, - "baseSeverity": "MEDIUM" - }, - "exploitabilityScore": 2.2, - "impactScore": 3.6 - }, - "baseMetricV2": { - "cvssV2": { - "version": "2.0", - "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "accessVector": "NETWORK", - "accessComplexity": "MEDIUM", - "authentication": "NONE", - "confidentialityImpact": "PARTIAL", - "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 4.3 - }, - "severity": "MEDIUM", - "exploitabilityScore": 8.6, - "impactScore": 2.9, - "obtainAllPrivilege": false, - "obtainUserPrivilege": false, - "obtainOtherPrivilege": false, - "userInteractionRequired": false - } - }, - "publishedDate": "2016-10-14T16:59Z", - "lastModifiedDate": "2018-05-30T01:29Z" - }, + "resultsPerPage" : 31499, + "startIndex" : 0, + "totalResults" : 31499, + "format" : "NVD_CVE", + "version" : "2.0", + "timestamp" : "2025-10-29T03:00:00.5927337", + "vulnerabilities" : [ { + "cve" : { + "id" : "CVE-2025-0168", + "sourceIdentifier" : "cna@vuldb.com", + "published" : "2025-01-01T14:15:23.590", + "lastModified" : "2025-02-25T21:26:07.113", + "vulnStatus" : 
"Analyzed", + "cveTags" : [ ], + "descriptions" : [ { + "lang" : "en", + "value" : "A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. This affects an unknown part of the file /_parse/_feedback_system.php. The manipulation of the argument person leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, { + "lang" : "es", + "value" : "Se ha encontrado una vulnerabilidad clasificada como crítica en code-projects Job Recruitment 1.0. Afecta a una parte desconocida del archivo /_parse/_feedback_system.php. La manipulación del argumento person conduce a la inyección SQL. Es posible iniciar el ataque de forma remota. La vulnerabilidad se ha revelado al público y puede utilizarse." + } ], + "metrics" : { + "cvssMetricV40" : [ { + "source" : "cna@vuldb.com", + "type" : "Secondary", + "cvssData" : { + "version" : "4.0", + "vectorString" : "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore" : 5.3, + "baseSeverity" : "MEDIUM", + "attackVector" : "NETWORK", + "attackComplexity" : "LOW", + "attackRequirements" : "NONE", + "privilegesRequired" : "LOW", + "userInteraction" : "NONE", + "vulnConfidentialityImpact" : "LOW", + "vulnIntegrityImpact" : "LOW", + "vulnAvailabilityImpact" : "LOW", + "subConfidentialityImpact" : "NONE", + "subIntegrityImpact" : "NONE", + "subAvailabilityImpact" : "NONE", + "exploitMaturity" : "NOT_DEFINED", + "confidentialityRequirement" : "NOT_DEFINED", + "integrityRequirement" : "NOT_DEFINED", + "availabilityRequirement" : "NOT_DEFINED", + "modifiedAttackVector" : "NOT_DEFINED", + "modifiedAttackComplexity" : "NOT_DEFINED", + "modifiedAttackRequirements" : "NOT_DEFINED", + "modifiedPrivilegesRequired" : "NOT_DEFINED", + "modifiedUserInteraction" : "NOT_DEFINED", + 
"modifiedVulnConfidentialityImpact" : "NOT_DEFINED", + "modifiedVulnIntegrityImpact" : "NOT_DEFINED", + "modifiedVulnAvailabilityImpact" : "NOT_DEFINED", + "modifiedSubConfidentialityImpact" : "NOT_DEFINED", + "modifiedSubIntegrityImpact" : "NOT_DEFINED", + "modifiedSubAvailabilityImpact" : "NOT_DEFINED", + "Safety" : "NOT_DEFINED", + "Automatable" : "NOT_DEFINED", + "Recovery" : "NOT_DEFINED", + "valueDensity" : "NOT_DEFINED", + "vulnerabilityResponseEffort" : "NOT_DEFINED", + "providerUrgency" : "NOT_DEFINED" + } + } ], + "cvssMetricV31" : [ { + "source" : "cna@vuldb.com", + "type" : "Secondary", + "cvssData" : { + "version" : "3.1", + "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore" : 6.3, + "baseSeverity" : "MEDIUM", + "attackVector" : "NETWORK", + "attackComplexity" : "LOW", + "privilegesRequired" : "LOW", + "userInteraction" : "NONE", + "scope" : "UNCHANGED", + "confidentialityImpact" : "LOW", + "integrityImpact" : "LOW", + "availabilityImpact" : "LOW" + }, + "exploitabilityScore" : 2.8, + "impactScore" : 3.4 + }, { + "source" : "nvd@nist.gov", + "type" : "Primary", + "cvssData" : { + "version" : "3.1", + "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore" : 7.5, + "baseSeverity" : "HIGH", + "attackVector" : "NETWORK", + "attackComplexity" : "LOW", + "privilegesRequired" : "NONE", + "userInteraction" : "NONE", + "scope" : "UNCHANGED", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "NONE", + "availabilityImpact" : "NONE" + }, + "exploitabilityScore" : 3.9, + "impactScore" : 3.6 + } ], + "cvssMetricV2" : [ { + "source" : "cna@vuldb.com", + "type" : "Secondary", + "cvssData" : { + "version" : "2.0", + "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore" : 6.5, + "accessVector" : "NETWORK", + "accessComplexity" : "LOW", + "authentication" : "SINGLE", + "confidentialityImpact" : "PARTIAL", + "integrityImpact" : "PARTIAL", + "availabilityImpact" : "PARTIAL" + }, + "baseSeverity" : "MEDIUM", 
+ "exploitabilityScore" : 8.0, + "impactScore" : 6.4, + "acInsufInfo" : false, + "obtainAllPrivilege" : false, + "obtainUserPrivilege" : false, + "obtainOtherPrivilege" : false, + "userInteractionRequired" : false + } ] + }, + "weaknesses" : [ { + "source" : "cna@vuldb.com", + "type" : "Secondary", + "description" : [ { + "lang" : "en", + "value" : "CWE-74" + }, { + "lang" : "en", + "value" : "CWE-89" + } ] + }, { + "source" : "nvd@nist.gov", + "type" : "Primary", + "description" : [ { + "lang" : "en", + "value" : "CWE-89" + } ] + } ], + "configurations" : [ { + "nodes" : [ { + "operator" : "OR", + "negate" : false, + "cpeMatch" : [ { + "vulnerable" : true, + "criteria" : "cpe:2.3:a:anisha:job_recruitment:1.0:*:*:*:*:*:*:*", + "matchCriteriaId" : "56E6381D-BF5F-4DC1-A525-4DEDA44D5C56" + } ] + } ] + } ], + "references" : [ { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2003-0001", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-200" - } ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "http://www.atstake.com/research/advisories/2003/a010603-1.txt", - "name" : "A010603-1", - "refsource" : "ATSTAKE", - "tags" : [ "Vendor Advisory" ] - }, { - "url" : "http://www.kb.cert.org/vuls/id/412115", - "name" : "VU#412115", - "refsource" : "CERT-VN", - "tags" : [ "Third Party Advisory", "US Government Resource" ] - }, { - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html", - "name" : "20030110 More information regarding Etherleak", - "refsource" : "VULNWATCH", - "tags" : [ ] - }, { - "url" : "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf", - "name" : "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf", - "refsource" : "MISC", - "tags" : [ ] - }, { - "url" : 
"http://www.redhat.com/support/errata/RHSA-2003-025.html", - "name" : "RHSA-2003:025", - "refsource" : "REDHAT", - "tags" : [ ] - }, { - "url" : "http://www.redhat.com/support/errata/RHSA-2003-088.html", - "name" : "RHSA-2003:088", - "refsource" : "REDHAT", - "tags" : [ ] - }, { - "url" : "http://www.osvdb.org/9962", - "name" : "9962", - "refsource" : "OSVDB", - "tags" : [ ] - }, { - "url" : "http://secunia.com/advisories/7996", - "name" : "7996", - "refsource" : "SECUNIA", - "tags" : [ ] - }, { - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "tags" : [ ] - }, { - "url" : "http://marc.info/?l=bugtraq&m=104222046632243&w=2", - "name" : "20030110 More information regarding Etherleak", - "refsource" : "BUGTRAQ", - "tags" : [ ] - }, { - "url" : "http://www.securitytracker.com/id/1031583", - "name" : "1031583", - "refsource" : "SECTRACK", - "tags" : [ ] - }, { - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665", - "name" : "oval:org.mitre.oval:def:2665", - "refsource" : "OVAL", - "tags" : [ ] - }, { - "url" : "http://www.securitytracker.com/id/1040185", - "name" : "1040185", - "refsource" : "SECTRACK", - "tags" : [ ] - }, { - "url" : "http://www.securityfocus.com/archive/1/307564/30/26270/threaded", - "name" : "20030117 Re: More information regarding Etherleak", - "refsource" : "BUGTRAQ", - "tags" : [ ] - }, { - "url" : "http://www.securityfocus.com/archive/1/305335/30/26420/threaded", - "name" : "20030106 Etherleak: Ethernet frame padding information leakage (A010603-1)", - "refsource" : "BUGTRAQ", - "tags" : [ ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous 
packets or kernel memory by using malformed packets, as demonstrated by Etherleak." - } ] - } - }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "OR", - "children" : [ ], - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - 
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - 
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", - "cpe_name" : [ ] - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", - "cpe_name" : [ ] - } ] - } ] - }, - "impact" : { - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "accessVector" : "NETWORK", - "accessComplexity" : "LOW", - "authentication" : "NONE", - "confidentialityImpact" : "PARTIAL", - "integrityImpact" : "NONE", - "availabilityImpact" : "NONE", - "baseScore" : 5.0 - }, - "severity" : "MEDIUM", - "exploitabilityScore" : 10.0, - "impactScore" : 2.9, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : false - } - }, - "publishedDate" : "2003-01-17T05:00Z", - "lastModifiedDate" : "2019-04-30T14:27Z" + "url" : "https://code-projects.org/", + "source" : "cna@vuldb.com", + "tags" : [ "Product" ] + }, { + "url" : "https://github.com/UnrealdDei/cve/blob/main/sql11.md", + "source" : "cna@vuldb.com", + "tags" : [ "Exploit", "Third Party Advisory" ] + }, { + "url" : "https://vuldb.com/?ctiid.289917", + "source" : "cna@vuldb.com", + "tags" : [ "Permissions Required", "VDB Entry" ] + }, { + "url" : "https://vuldb.com/?id.289917", + "source" : "cna@vuldb.com", + "tags" : [ "Third Party Advisory", "VDB Entry" ] + }, { + "url" : "https://vuldb.com/?submit.473107", + "source" : "cna@vuldb.com", + "tags" : [ "Third Party Advisory", "VDB Entry" ] + } ] + } + }, { + "cve" : { + "id" : "CVE-2025-22214", + "sourceIdentifier" : "cve@mitre.org", + "published" : "2025-01-02T04:15:06.277", + 
"lastModified" : "2025-01-02T04:15:06.277", + "vulnStatus" : "Awaiting Analysis", + "cveTags" : [ ], + "descriptions" : [ { + "lang" : "en", + "value" : "Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection." + }, { + "lang" : "es", + "value" : "Landray EIS 2001 a 2006 permite la inyección SQL Message/fi_message_receiver.aspx?replyid=." + } ], + "metrics" : { + "cvssMetricV31" : [ { + "source" : "cve@mitre.org", + "type" : "Secondary", + "cvssData" : { + "version" : "3.1", + "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore" : 4.3, + "baseSeverity" : "MEDIUM", + "attackVector" : "NETWORK", + "attackComplexity" : "LOW", + "privilegesRequired" : "LOW", + "userInteraction" : "NONE", + "scope" : "UNCHANGED", + "confidentialityImpact" : "LOW", + "integrityImpact" : "NONE", + "availabilityImpact" : "NONE" + }, + "exploitabilityScore" : 2.8, + "impactScore" : 1.4 + } ] + }, + "weaknesses" : [ { + "source" : "cve@mitre.org", + "type" : "Secondary", + "description" : [ { + "lang" : "en", + "value" : "CWE-89" + } ] + } ], + "references" : [ { + "url" : "https://github.com/Zerone0x00/CVE/blob/main/%E8%93%9D%E5%87%8CEISsql%E6%B3%A8%E5%85%A5/1.md", + "source" : "cve@mitre.org" + } ] + } + }, { + "cve" : { + "id" : "CVE-2025-0171", + "sourceIdentifier" : "cna@vuldb.com", + "published" : "2025-01-02T15:15:25.550", + "lastModified" : "2025-04-03T14:20:30.043", + "vulnStatus" : "Analyzed", + "cveTags" : [ ], + "descriptions" : [ { + "lang" : "en", + "value" : "A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/deleteuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, { + "lang" : "es", + "value" : "Se ha encontrado una vulnerabilidad clasificada como crítica en code-projects Chat System 1.0. 
Se trata de una función desconocida del archivo /admin/deleteuser.php. La manipulación del argumento id provoca una inyección SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado." + } ], + "metrics" : { + "cvssMetricV40" : [ { + "source" : "cna@vuldb.com", + "type" : "Secondary", + "cvssData" : { + "version" : "4.0", + "vectorString" : "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore" : 5.3, + "baseSeverity" : "MEDIUM", + "attackVector" : "NETWORK", + "attackComplexity" : "LOW", + "attackRequirements" : "NONE", + "privilegesRequired" : "LOW", + "userInteraction" : "NONE", + "vulnConfidentialityImpact" : "LOW", + "vulnIntegrityImpact" : "LOW", + "vulnAvailabilityImpact" : "LOW", + "subConfidentialityImpact" : "NONE", + "subIntegrityImpact" : "NONE", + "subAvailabilityImpact" : "NONE", + "exploitMaturity" : "NOT_DEFINED", + "confidentialityRequirement" : "NOT_DEFINED", + "integrityRequirement" : "NOT_DEFINED", + "availabilityRequirement" : "NOT_DEFINED", + "modifiedAttackVector" : "NOT_DEFINED", + "modifiedAttackComplexity" : "NOT_DEFINED", + "modifiedAttackRequirements" : "NOT_DEFINED", + "modifiedPrivilegesRequired" : "NOT_DEFINED", + "modifiedUserInteraction" : "NOT_DEFINED", + "modifiedVulnConfidentialityImpact" : "NOT_DEFINED", + "modifiedVulnIntegrityImpact" : "NOT_DEFINED", + "modifiedVulnAvailabilityImpact" : "NOT_DEFINED", + "modifiedSubConfidentialityImpact" : "NOT_DEFINED", + "modifiedSubIntegrityImpact" : "NOT_DEFINED", + "modifiedSubAvailabilityImpact" : "NOT_DEFINED", + "Safety" : "NOT_DEFINED", + "Automatable" : "NOT_DEFINED", + "Recovery" : "NOT_DEFINED", + "valueDensity" : "NOT_DEFINED", + "vulnerabilityResponseEffort" : "NOT_DEFINED", + "providerUrgency" : "NOT_DEFINED" } - ] + } ], + "cvssMetricV31" : [ { + "source" : "cna@vuldb.com", + "type" : 
"Secondary", + "cvssData" : { + "version" : "3.1", + "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore" : 6.3, + "baseSeverity" : "MEDIUM", + "attackVector" : "NETWORK", + "attackComplexity" : "LOW", + "privilegesRequired" : "LOW", + "userInteraction" : "NONE", + "scope" : "UNCHANGED", + "confidentialityImpact" : "LOW", + "integrityImpact" : "LOW", + "availabilityImpact" : "LOW" + }, + "exploitabilityScore" : 2.8, + "impactScore" : 3.4 + }, { + "source" : "nvd@nist.gov", + "type" : "Primary", + "cvssData" : { + "version" : "3.1", + "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore" : 7.5, + "baseSeverity" : "HIGH", + "attackVector" : "NETWORK", + "attackComplexity" : "LOW", + "privilegesRequired" : "NONE", + "userInteraction" : "NONE", + "scope" : "UNCHANGED", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "NONE", + "availabilityImpact" : "NONE" + }, + "exploitabilityScore" : 3.9, + "impactScore" : 3.6 + } ], + "cvssMetricV2" : [ { + "source" : "cna@vuldb.com", + "type" : "Secondary", + "cvssData" : { + "version" : "2.0", + "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore" : 6.5, + "accessVector" : "NETWORK", + "accessComplexity" : "LOW", + "authentication" : "SINGLE", + "confidentialityImpact" : "PARTIAL", + "integrityImpact" : "PARTIAL", + "availabilityImpact" : "PARTIAL" + }, + "baseSeverity" : "MEDIUM", + "exploitabilityScore" : 8.0, + "impactScore" : 6.4, + "acInsufInfo" : false, + "obtainAllPrivilege" : false, + "obtainUserPrivilege" : false, + "obtainOtherPrivilege" : false, + "userInteractionRequired" : false + } ] + }, + "weaknesses" : [ { + "source" : "cna@vuldb.com", + "type" : "Secondary", + "description" : [ { + "lang" : "en", + "value" : "CWE-74" + }, { + "lang" : "en", + "value" : "CWE-89" + } ] + }, { + "source" : "nvd@nist.gov", + "type" : "Primary", + "description" : [ { + "lang" : "en", + "value" : "CWE-89" + } ] + } ], + "configurations" : [ { + "nodes" : [ { + 
"operator" : "OR", + "negate" : false, + "cpeMatch" : [ { + "vulnerable" : true, + "criteria" : "cpe:2.3:a:code-projects:chat_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId" : "BA2E5E8E-272F-46CA-A1AB-50C53B07FFA3" + } ] + } ] + } ], + "references" : [ { + "url" : "https://code-projects.org/", + "source" : "cna@vuldb.com", + "tags" : [ "Product" ] + }, { + "url" : "https://github.com/Sinon2003/cve/blob/main/sql_inject1.md", + "source" : "cna@vuldb.com", + "tags" : [ "Exploit", "Third Party Advisory" ] + }, { + "url" : "https://vuldb.com/?ctiid.289938", + "source" : "cna@vuldb.com", + "tags" : [ "Permissions Required", "VDB Entry" ] + }, { + "url" : "https://vuldb.com/?id.289938", + "source" : "cna@vuldb.com", + "tags" : [ "Third Party Advisory", "VDB Entry" ] + }, { + "url" : "https://vuldb.com/?submit.473143", + "source" : "cna@vuldb.com", + "tags" : [ "Third Party Advisory", "VDB Entry" ] + }, { + "url" : "https://github.com/Sinon2003/cve/blob/main/sql_inject1.md", + "source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags" : [ "Exploit", "Third Party Advisory" ] + } ] + } + }] } \ No newline at end of file diff --git a/vulnerabilities/tests/test_data/nvd/rejected_nvd.json b/vulnerabilities/tests/test_data/nvd/rejected_nvd.json index f9b060877..e09c5de5b 100644 --- a/vulnerabilities/tests/test_data/nvd/rejected_nvd.json +++ b/vulnerabilities/tests/test_data/nvd/rejected_nvd.json 
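Review bot: In nvd_test.json, CVE-2025-0168 and CVE-2025-0171 list CWE-89 under both the `Secondary` and the `Primary` weakness source, and the expected output patched earlier in this commit pins the result as `74, 89, 89`, so the test now asserts a duplicated CWE. I would de-duplicate the collected CWE ids in the importer while keeping their order (for instance with `dict.fromkeys`) and expect `74, 89`; the importer code is outside this hunk. The rewrite also removes the only `cpe:2.3:h:` record and the only CVE with two English descriptions, so `skip_hardware` and the longest-summary choice look no longer exercised by this fixture; one 2.0 record for each case would keep them covered.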
@@ -1,40 +1,28 @@
 {
- "CVE_Items": [
+ "resultsPerPage": 6770,
+ "startIndex": 0,
+ "totalResults": 6770,
+ "format": "NVD_CVE",
+ "version": "2.0",
+ "timestamp": "2025-10-22T03:03:22.0437317",
+ "vulnerabilities": [
 {
 "cve": {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2022-0094",
- "ASSIGNER": "cve@mitre.org"
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": []
- }
- ]
- },
- "references": {
- "reference_data": []
- },
- "description": {
- "description_data": [
- {
- "lang": "en",
- "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none."
- }
- ]
- }
- },
- "configurations": {
- "CVE_data_version": "4.0",
- "nodes": []
- },
- "impact": {},
- "publishedDate": "2023-05-12T05:15Z",
- "lastModifiedDate": "2023-05-12T05:15Z"
+ "id": "CVE-1999-1310",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "1994-11-04T05:00:00.000",
+ "lastModified": "2023-11-07T01:55:08.250",
+ "vulnStatus": "Rejected",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1022. Reason: This candidate is a duplicate of CVE-1999-1022. Notes: All CVE users should reference CVE-1999-1022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"
+ }
+ ],
+ "metrics": {},
+ "references": []
+ }
 }
 ]
 }
\ No newline at end of file
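Review bot: The 2.0 record in rejected_nvd.json carries `"vulnStatus": "Rejected"`, yet the matching expected file still lists CVE-1999-1310 as an ordinary advisory whose only rejection marker is the summary text, and that text's prefix changed from `** REJECT **` to `Rejected reason:`. Anything that recognises rejected CVEs by the old prefix would stop matching (inferred; no such filter is visible in this diff). I would have the importer read `vulnStatus` and either skip or flag the record, and state in the test which of the two is intended, so that withdrawn CVE ids are not reported as live vulnerabilities.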