From 1dcdb5c6a3be1dce2fec32793e973b9e813f469c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 17 Apr 2025 19:00:39 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2020/36xxx/CVE-2020-36789.json | 147 ++++++++++++++++++++++++-
2021/47xxx/CVE-2021-47668.json | 147 ++++++++++++++++++++++++-
2021/47xxx/CVE-2021-47669.json | 125 ++++++++++++++++++++-
2021/47xxx/CVE-2021-47670.json | 114 ++++++++++++++++++-
2021/47xxx/CVE-2021-47671.json | 103 ++++++++++++++++-
2024/12xxx/CVE-2024-12369.json | 195 ++++++++++++++++++++++++++++++---
2024/46xxx/CVE-2024-46986.json | 5 +
2024/46xxx/CVE-2024-46987.json | 5 +
2025/23xxx/CVE-2025-23367.json | 193 +++++++++++++++++++++++++++++---
2025/26xxx/CVE-2025-26269.json | 2 +-
2025/28xxx/CVE-2025-28009.json | 56 +++++++++-
2025/3xxx/CVE-2025-3762.json | 109 +++++++++++++++++-
2025/3xxx/CVE-2025-3763.json | 114 ++++++++++++++++++-
13 files changed, 1253 insertions(+), 62 deletions(-)
diff --git a/2020/36xxx/CVE-2020-36789.json b/2020/36xxx/CVE-2020-36789.json
index bda3c0f537e..42546d50c57 100644
--- a/2020/36xxx/CVE-2020-36789.json
+++ b/2020/36xxx/CVE-2020-36789.json
@@ -1,18 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36789", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context\n\nIf a driver calls can_get_echo_skb() during a hardware IRQ (which is often, but\nnot always, the case), the 'WARN_ON(in_irq)' in\nnet/core/skbuff.c#skb_release_head_state() might be triggered, under network\ncongestion circumstances, together with the potential risk of a NULL pointer\ndereference.\n\nThe root cause of this issue is the call to kfree_skb() instead of\ndev_kfree_skb_irq() in net/core/dev.c#enqueue_to_backlog().\n\nThis patch prevents the skb to be freed within the call to netif_rx() by\nincrementing its reference count with skb_get(). The skb is finally freed by\none of the in-irq-context safe functions: dev_consume_skb_any() or\ndev_kfree_skb_any(). 
The \"any\" version is used because some drivers might call\ncan_get_echo_skb() in a normal context.\n\nThe reason for this issue to occur is that initially, in the core network\nstack, loopback skb were not supposed to be received in hardware IRQ context.\nThe CAN stack is an exeption.\n\nThis bug was previously reported back in 2017 in [1] but the proposed patch\nnever got accepted.\n\nWhile [1] directly modifies net/core/dev.c, we try to propose here a\nsmoother modification local to CAN network stack (the assumption\nbehind is that only CAN devices are affected by this issue).\n\n[1] http://lore.kernel.org/r/57a3ffb6-3309-3ad5-5a34-e93c3fe3614d@cetitec.com" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "39549eef3587f1c1e8c65c88a2400d10fd30ea17", + "version_value": "248b71ce92d4f3a574b2537f9838f48e892618f4" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.6.31", + "status": "affected" + }, + { + "version": "0", + "lessThan": "2.6.31", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.4.244", + "lessThanOrEqual": "4.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.9.244", + "lessThanOrEqual": "4.9.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.207", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.158", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.78", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.9.9", 
+ "lessThanOrEqual": "5.9.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/248b71ce92d4f3a574b2537f9838f48e892618f4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/248b71ce92d4f3a574b2537f9838f48e892618f4" + }, + { + "url": "https://git.kernel.org/stable/c/451187b20431924d13fcfecc500d7cd2d9951bac", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/451187b20431924d13fcfecc500d7cd2d9951bac" + }, + { + "url": "https://git.kernel.org/stable/c/3a922a85701939624484e7f2fd07d32beed00d25", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3a922a85701939624484e7f2fd07d32beed00d25" + }, + { + "url": "https://git.kernel.org/stable/c/7e4cf2ec0ca236c3e5f904239cec6efe1f3baf22", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7e4cf2ec0ca236c3e5f904239cec6efe1f3baf22" + }, + { + "url": "https://git.kernel.org/stable/c/ab46748bf98864f9c3f5559060bf8caf9df2b41e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ab46748bf98864f9c3f5559060bf8caf9df2b41e" + }, + { + "url": "https://git.kernel.org/stable/c/87530b557affe01c764de32dbeb58cdf47234574", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/87530b557affe01c764de32dbeb58cdf47234574" + }, + { + "url": "https://git.kernel.org/stable/c/2283f79b22684d2812e5c76fc2280aae00390365", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2283f79b22684d2812e5c76fc2280aae00390365" + } + ] + }, + "generator": { + "engine": "bippy-1.0.0" } } \ No newline at end of file diff --git a/2021/47xxx/CVE-2021-47668.json b/2021/47xxx/CVE-2021-47668.json index afbd40e87b9..ad14127bece 100644 --- a/2021/47xxx/CVE-2021-47668.json 
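Review bot: The first `version_data` entry pairs `"version_affected": "<"` with two git commit ids in `version_name` and `version_value`; commit ids have no ordering, so a scanner that compares them as version strings will match nothing or the wrong thing. The usable ranges are the semver entries under `x_cve_json_5_version_data` (for example unaffected from 4.4.244 on the 4.4.* line), and consumers of this down-converted record should key on those or on the CVE JSON 5 record instead. The same shape appears in the CVE-2021-47668, CVE-2021-47669, CVE-2021-47670 and CVE-2021-47671 hunks. `problemtype` is also left as `"n/a"` in all five; for the three records whose description states a use after free, `"value": "CWE-416 Use After Free"` would let CWE-based filters find them.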
+++ b/2021/47xxx/CVE-2021-47668.json 
@@ -1,18 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-47668", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: dev: can_restart: fix use after free bug\n\nAfter calling netif_rx_ni(skb), dereferencing skb is unsafe.\nEspecially, the can_frame cf which aliases skb memory is accessed\nafter the netif_rx_ni() in:\n stats->rx_bytes += cf->len;\n\nReordering the lines solves the issue." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "39549eef3587f1c1e8c65c88a2400d10fd30ea17", + "version_value": "260925a0b7d2da5449f8ecfd02c1405e0c8a45b8" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.6.31", + "status": "affected" + }, + { + "version": "0", + "lessThan": "2.6.31", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.4.254", + "lessThanOrEqual": "4.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.9.254", + "lessThanOrEqual": "4.9.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.218", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { 
+ "version": "4.19.171", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.93", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.11", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.11", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/260925a0b7d2da5449f8ecfd02c1405e0c8a45b8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/260925a0b7d2da5449f8ecfd02c1405e0c8a45b8" + }, + { + "url": "https://git.kernel.org/stable/c/bbc6847b9b8978b520f62fbc7c68c54ef0f8d282", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bbc6847b9b8978b520f62fbc7c68c54ef0f8d282" + }, + { + "url": "https://git.kernel.org/stable/c/92668d28c7e6a7a2ba07df287669ffcdf650c421", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/92668d28c7e6a7a2ba07df287669ffcdf650c421" + }, + { + "url": "https://git.kernel.org/stable/c/08ab951787098ae0b6c0364aeea7a8138226f234", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/08ab951787098ae0b6c0364aeea7a8138226f234" + }, + { + "url": "https://git.kernel.org/stable/c/ac48ef15826e83f4206c47add61072e8fc76d328", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ac48ef15826e83f4206c47add61072e8fc76d328" + }, + { + "url": "https://git.kernel.org/stable/c/593c072b7b3c4d7044416eb039d9ad706bedd67a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/593c072b7b3c4d7044416eb039d9ad706bedd67a" + }, + { + "url": "https://git.kernel.org/stable/c/03f16c5075b22c8902d2af739969e878b0879c94", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/03f16c5075b22c8902d2af739969e878b0879c94" + } 
+ ] + }, + "generator": { + "engine": "bippy-1.0.0" } } \ No newline at end of file diff --git a/2021/47xxx/CVE-2021-47669.json b/2021/47xxx/CVE-2021-47669.json index 17586dddc6a..345671555af 100644 --- a/2021/47xxx/CVE-2021-47669.json +++ b/2021/47xxx/CVE-2021-47669.json 
@@ -1,18 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-47669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: vxcan: vxcan_xmit: fix use after free bug\n\nAfter calling netif_rx_ni(skb), dereferencing skb is unsafe.\nEspecially, the canfd_frame cfd which aliases skb memory is accessed\nafter the netif_rx_ni()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "a8f820a380a2a06fc4fe1a54159067958f800929", + "version_value": "6d6dcf2399cdd26f7f5426ca8dd8366b7f2ca105" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.12", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.12", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.14.218", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.171", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.93", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.11", + "lessThanOrEqual": "5.10.*", + "status": 
"unaffected", + "versionType": "semver" + }, + { + "version": "5.11", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/6d6dcf2399cdd26f7f5426ca8dd8366b7f2ca105", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6d6dcf2399cdd26f7f5426ca8dd8366b7f2ca105" + }, + { + "url": "https://git.kernel.org/stable/c/9b820875a32a3443d67bfd368e93038354e98052", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9b820875a32a3443d67bfd368e93038354e98052" + }, + { + "url": "https://git.kernel.org/stable/c/a24476b37167816e6352ca1a2cf3769847774f70", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a24476b37167816e6352ca1a2cf3769847774f70" + }, + { + "url": "https://git.kernel.org/stable/c/e771a874076115df8bff27d325edfd2340e4ec69", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e771a874076115df8bff27d325edfd2340e4ec69" + }, + { + "url": "https://git.kernel.org/stable/c/75854cad5d80976f6ea0f0431f8cedd3bcc475cb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/75854cad5d80976f6ea0f0431f8cedd3bcc475cb" + } + ] + }, + "generator": { + "engine": "bippy-1.0.0" } } \ No newline at end of file diff --git a/2021/47xxx/CVE-2021-47670.json b/2021/47xxx/CVE-2021-47670.json index fe30aef7939..975d8221530 100644 --- a/2021/47xxx/CVE-2021-47670.json +++ b/2021/47xxx/CVE-2021-47670.json 
@@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-47670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix use after free bugs\n\nAfter calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe.\nEspecially, the can_frame cf which aliases skb memory is accessed\nafter the peak_usb_netif_rx_ni().\n\nReordering the lines solves the issue." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0a25e1f4f18566b750ebd3ae995af64e23111e63", + "version_value": "5408824636fa0dfedb9ecb0d94abd573131bfbbe" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.0", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.0", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "4.19.171", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.4.93", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.11", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.11", + 
"lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/5408824636fa0dfedb9ecb0d94abd573131bfbbe", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5408824636fa0dfedb9ecb0d94abd573131bfbbe" + }, + { + "url": "https://git.kernel.org/stable/c/ddd1416f44130377798c1430b76503513b7497c2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ddd1416f44130377798c1430b76503513b7497c2" + }, + { + "url": "https://git.kernel.org/stable/c/ec939c13c3fff2114479769c8380b7f1a54feca9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ec939c13c3fff2114479769c8380b7f1a54feca9" + }, + { + "url": "https://git.kernel.org/stable/c/50aca891d7a554db0901b245167cd653d73aaa71", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/50aca891d7a554db0901b245167cd653d73aaa71" + } + ] + }, + "generator": { + "engine": "bippy-1.0.0" } } \ No newline at end of file diff --git a/2021/47xxx/CVE-2021-47671.json b/2021/47xxx/CVE-2021-47671.json index 5102b0b0989..9a47d960050 100644 --- a/2021/47xxx/CVE-2021-47671.json +++ b/2021/47xxx/CVE-2021-47671.json 
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-47671", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path\n\nIn es58x_rx_err_msg(), if can->do_set_mode() fails, the function\ndirectly returns without calling netif_rx(skb). This means that the\nskb previously allocated by alloc_can_err_skb() is not freed. In other\nterms, this is a memory leak.\n\nThis patch simply removes the return statement in the error branch and\nlet the function continue.\n\nIssue was found with GCC -fanalyzer, please follow the link below for\ndetails." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8537257874e949a59c834cecfd5a063e11b64b0b", + "version_value": "4f389e1276a5389c92cef860c9fde8e1c802a871" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.13", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.13", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.14.19", + "lessThanOrEqual": "5.14.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.3", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.16", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/4f389e1276a5389c92cef860c9fde8e1c802a871", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4f389e1276a5389c92cef860c9fde8e1c802a871" + }, + { + "url": "https://git.kernel.org/stable/c/7eb0881aec26099089f12ae850aebd93190b1dfe", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7eb0881aec26099089f12ae850aebd93190b1dfe" + }, + { + "url": "https://git.kernel.org/stable/c/d9447f768bc8c60623e4bb3ce65b8f4654d33a50", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d9447f768bc8c60623e4bb3ce65b8f4654d33a50" + } + ] + }, + "generator": { + "engine": "bippy-1.0.0" } } \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12369.json b/2024/12xxx/CVE-2024-12369.json index 430f1fb7d4b..a28027e897f 100644 
--- a/2024/12xxx/CVE-2024-12369.json
+++ b/2024/12xxx/CVE-2024-12369.json
@@ -35,6 +35,181 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.16.1-1.redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:1.80.0-1.redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:800.7.0-2.GA_redhat_00002.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:6.2.35-1.Final_redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.0.13-1.Final_redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.0.1-1.redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.0.11-1.redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": 
"unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:1.0.4-3.redhat_00004.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.1.10-1.redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.1.5-1.Final_redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:8.0.7-3.GA_redhat_00004.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.2.9-1.Final_redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Build of Keycloak", "version": { @@ -42,7 +217,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } } ] @@ -60,19 +235,6 @@ } ] } - }, - { - "product_name": "Red Hat JBoss Enterprise Application Platform 8", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } 
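Review bot: Each of the twelve `version_data` entries added for `Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8` carries only an rpm version (`0:2.16.1-1.redhat_00001.1.el8eap`, `0:1.80.0-1.redhat_00001.1.el8eap`, and so on) and no package name, so nothing in this file says which package each fixed version belongs to. With `"defaultStatus": "affected"` and `"lessThan": "*"` on every entry, a consumer has to resolve the package names from RHSA-2025:3989 (added to `references` by this commit) or, presumably, from the CVE JSON 5 record before it can compare against installed rpms. The same block is added in the first CVE-2025-23367.json hunk. The second hunk in this file sets `Red Hat Build of Keycloak` to `"defaultStatus": "unaffected"` with no version list, so any tool that cached the earlier `affected` value needs to re-read the record.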
@@ -82,6 +244,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2025:3989",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2025:3989"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-12369",
 "refsource": "MISC",
diff --git a/2024/46xxx/CVE-2024-46986.json b/2024/46xxx/CVE-2024-46986.json
index 371980ed012..015f8c4b8e9 100644
--- a/2024/46xxx/CVE-2024-46986.json
+++ b/2024/46xxx/CVE-2024-46986.json
@@ -69,6 +69,11 @@
 "refsource": "MISC",
 "name": "https://owasp.org/www-community/attacks/Path_Traversal"
 },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-182_GHSL-2024-186_Camaleon_CMS",
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2024-182_GHSL-2024-186_Camaleon_CMS"
+ },
 {
 "url": "https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released",
 "refsource": "MISC",
diff --git a/2024/46xxx/CVE-2024-46987.json b/2024/46xxx/CVE-2024-46987.json
index 6a6e18e3e82..e05c7a98696 100644
--- a/2024/46xxx/CVE-2024-46987.json
+++ b/2024/46xxx/CVE-2024-46987.json
@@ -78,6 +78,11 @@
 "refsource": "MISC",
 "name": "https://owasp.org/www-community/attacks/Path_Traversal"
 },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-182_GHSL-2024-186_Camaleon_CMS",
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2024-182_GHSL-2024-186_Camaleon_CMS"
+ },
 {
 "url": "https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released",
 "refsource": "MISC",
diff --git a/2025/23xxx/CVE-2025-23367.json b/2025/23xxx/CVE-2025-23367.json
index 61833a8df3e..cee4475373c 100644
--- a/2025/23xxx/CVE-2025-23367.json
+++ b/2025/23xxx/CVE-2025-23367.json
@@ -195,6 +195,181 @@ ] } }, + { + "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.16.1-1.redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:1.80.0-1.redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:800.7.0-2.GA_redhat_00002.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:6.2.35-1.Final_redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.0.13-1.Final_redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.0.1-1.redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.0.11-1.redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + 
} + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:1.0.4-3.redhat_00004.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.1.10-1.redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.1.5-1.Final_redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:8.0.7-3.GA_redhat_00004.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.2.9-1.Final_redhat_00001.1.el8eap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Build of Keycloak", "version": { @@ -247,19 +422,6 @@ ] } }, - { - "product_name": "Red Hat JBoss Enterprise Application Platform 8", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "version": { 
@@ -317,6 +479,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2025:3467"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2025:3989",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2025:3989"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2025-23367",
 "refsource": "MISC",
diff --git a/2025/26xxx/CVE-2025-26269.json b/2025/26xxx/CVE-2025-26269.json
index 5aa55259696..ebbd9056990 100644
--- a/2025/26xxx/CVE-2025-26269.json
+++ b/2025/26xxx/CVE-2025-26269.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "DragonflyDB Dragonfly through 1.28.2 allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large integer."
+ "value": "DragonflyDB Dragonfly through 1.28.2 allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer."
 }
 ]
 },
diff --git a/2025/28xxx/CVE-2025-28009.json b/2025/28xxx/CVE-2025-28009.json
index 48d4d6cd31c..bd4c2f6951d 100644
--- a/2025/28xxx/CVE-2025-28009.json
+++ b/2025/28xxx/CVE-2025-28009.json
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-28009", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-28009", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection vulnerability exists in the `u` parameter of the progress-body-weight.php endpoint of Dietiqa App v1.0.20." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/beardenx/CVE-2025-28009", + "url": "https://github.com/beardenx/CVE-2025-28009" } ] } diff --git a/2025/3xxx/CVE-2025-3762.json b/2025/3xxx/CVE-2025-3762.json index 9aad7319e5a..41a2ec3f62c 100644 --- a/2025/3xxx/CVE-2025-3762.json +++ b/2025/3xxx/CVE-2025-3762.json 
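Review bot: The record goes to `"STATE": "PUBLIC"` with `vendor_name`, `product_name` and `version_value` all `"n/a"` and `problemtype` `"n/a"`, although the description already names the product and version (Dietiqa App v1.0.20) and the weakness class (SQL injection). Asset- and CWE-based matching will never hit this entry as written; the structured fields should carry what the text says, for example `"product_name": "Dietiqa App"`, `"version_value": "1.0.20"` and a `problemtype` value of `"CWE-89"`. The only entry in `reference_data` is a GitHub repository named after the CVE, so the record gives no vendor advisory or fixed version to point remediation at.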
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3762",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component MPUT Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in PCMan FTP Server 2.0.7 ausgemacht. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Komponente MPUT Command Handler. Durch die Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Overflow",
+ "cweId": "CWE-120"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption",
+ "cweId": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PCMan",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.305396",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.305396"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.305396",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.305396"
+ },
+ {
+ "url": "https://vuldb.com/?submit.553567",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.553567"
+ },
+ {
+ "url": "https://fitoxs.com/exploit/exploit-8d31b9e55c1c3d8f2cbf62e3e218f50b.txt",
+ "refsource": "MISC",
+ "name": "https://fitoxs.com/exploit/exploit-8d31b9e55c1c3d8f2cbf62e3e218f50b.txt"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Fernando Mengali (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3763.json b/2025/3xxx/CVE-2025-3763.json
index bc6263857ef..14cfe35e6b5 100644
--- a/2025/3xxx/CVE-2025-3763.json
+++ b/2025/3xxx/CVE-2025-3763.json
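Review bot: The English description of CVE-2025-3762 says the issue is "rated as critical", but the `impact.cvss` entries for 3.1 and 3.0 both give 7.3 with `"baseSeverity": "HIGH"`. The CVE-2025-3763 hunk that follows has the same mismatch: "classified as critical" in the text against 5.3 `MEDIUM` with `AV:L` and `PR:L` in the vector. Anyone triaging from the prose will over-prioritise both records, so I would drop the severity wording from the description `value` and let `baseSeverity` carry it. Separately, the `credits` entry in both records uses `"lang": "en"` where the description entries use `"eng"`; `"lang": "eng"` would keep the language tag consistent within each record.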
@@ -1,17 +1,123 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3763",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical has been found in SourceCodester Phone Management System 1.0. This affects the function main of the component Password Handler. The manipulation of the argument s leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in SourceCodester Phone Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion main der Komponente Password Handler. Durch Manipulation des Arguments s mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Overflow",
+ "cweId": "CWE-120"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption",
+ "cweId": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Phone Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.305397",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.305397"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.305397",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.305397"
+ },
+ {
+ "url": "https://vuldb.com/?submit.553650",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.553650"
+ },
+ {
+ "url": "https://github.com/eeeee-vul/CVE/issues/4",
+ "refsource": "MISC",
+ "name": "https://github.com/eeeee-vul/CVE/issues/4"
+ },
+ {
+ "url": "https://www.sourcecodester.com/",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "eeeee (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4.3,
+ "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }