From 257444d7e0d2f9e1ed6315e2b67e0ea86903c767 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 18 Apr 2025 14:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/11xxx/CVE-2024-11421.json | 8 +--
 2024/50xxx/CVE-2024-50960.json | 2 +-
 2024/53xxx/CVE-2024-53204.json | 35 ++++++++++-
 2024/53xxx/CVE-2024-53205.json | 35 ++++++++++-
 2025/25xxx/CVE-2025-25948.json | 5 ++
 2025/25xxx/CVE-2025-25949.json | 5 ++
 2025/25xxx/CVE-2025-25950.json | 5 ++
 2025/25xxx/CVE-2025-25951.json | 5 ++
 2025/32xxx/CVE-2025-32790.json | 2 +-
 2025/3xxx/CVE-2025-3790.json | 109 +++++++++++++++++++++++++++++++--
 2025/3xxx/CVE-2025-3794.json | 18 ++++++
 2025/40xxx/CVE-2025-40364.json | 92 ++++++++++++++++++++++++++--
 12 files changed, 303 insertions(+), 18 deletions(-)
 create mode 100644 2025/3xxx/CVE-2025-3794.json
diff --git a/2024/11xxx/CVE-2024-11421.json b/2024/11xxx/CVE-2024-11421.json
index 5ae08af626a..b0650bea8a7 100644
--- a/2024/11xxx/CVE-2024-11421.json
+++ b/2024/11xxx/CVE-2024-11421.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-11421",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The developer has disputed this as a vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2024/50xxx/CVE-2024-50960.json b/2024/50xxx/CVE-2024-50960.json
index fe42d98191a..a134b5427c7 100644
--- a/2024/50xxx/CVE-2024-50960.json
+++ b/2024/50xxx/CVE-2024-50960.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, and SMP 352 <= 2.16 allows a remote authenticated attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system."
+ "value": "A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system."
 }
 ]
 },
diff --git a/2024/53xxx/CVE-2024-53204.json b/2024/53xxx/CVE-2024-53204.json
index 9eb794a06b2..797c7b2ec67 100644
--- a/2024/53xxx/CVE-2024-53204.json
+++ b/2024/53xxx/CVE-2024-53204.json
@@ -41,6 +41,11 @@
 {
 "version_affected": "<",
 "version_name": "adda6e82a7de7d6d478f6c8ef127f0ac51c510a1",
+ "version_value": "e27877990e54bfe4246dd850f7ec8646c999ce58"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "b48415afe5fd7e6f5912d4c45720217b77d8e7ea",
 "version_value": "48d52d3168749e10c1c37cd4ceccd18625851741"
 },
 {
@@ -51,12 +56,28 @@
 "version": "6.6",
 "status": "affected"
 },
+ {
+ "version": "6.9",
+ "status": "affected"
+ },
 {
 "version": "0",
 "lessThan": "6.6",
 "status": "unaffected",
 "versionType": "semver"
 },
+ {
+ "version": "6.6.4",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.7",
+ "lessThan": "6.9",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
 {
 "version": "6.11.11",
 "lessThanOrEqual": "6.11.*",
@@ -70,7 +91,7 @@
 "versionType": "semver"
 },
 {
- "version": "6.13-rc1",
+ "version": "6.13",
 "lessThanOrEqual": "*",
 "status": "unaffected",
 "versionType": "original_commit_for_fix"
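Review bot: Privilege requirements in CVE-2024-50960 are now ambiguous: the new `value` string no longer says the attacker needs administrative privileges, and nothing in this hunk updates scoring or affected-product data to match (the rest of the record lies outside the hunk). If the lower requirement is intended, any CVSS vector on the record should be checked for a matching `PR` value and the newly named `SME 211 <= 3.02` should also appear in the affects data; if it is not intended, the qualifier should be restored. The comma before `allows` is stray; `... and SME 211 <= 3.02 allows a remote authenticated attacker ...` reads correctly.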
@@ -90,6 +111,16 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/e27877990e54bfe4246dd850f7ec8646c999ce58",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/e27877990e54bfe4246dd850f7ec8646c999ce58"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/258ea41c926b7b3a16d0d7aa210a1401c4a1601b",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/258ea41c926b7b3a16d0d7aa210a1401c4a1601b"
+ },
 {
 "url": "https://git.kernel.org/stable/c/48d52d3168749e10c1c37cd4ceccd18625851741",
 "refsource": "MISC",
@@ -108,6 +139,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-5f407fcff5a0"
+ "engine": "bippy-1.1.0"
 }
 }
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53205.json b/2024/53xxx/CVE-2024-53205.json
index 4a0673a3135..b291eb90879 100644
--- a/2024/53xxx/CVE-2024-53205.json
+++ b/2024/53xxx/CVE-2024-53205.json
@@ -41,6 +41,11 @@
 {
 "version_affected": "<",
 "version_name": "134e6d25f6bd06071e5aac0a7eefcea6f7713955",
+ "version_value": "7e2cde1813418b39b5e95d86e10d6701dccf18af"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "eeda494542e55b603c7b80e14bfc5ee4ab7f9814",
 "version_value": "0b398b6b6c94315fd2ce3658e3cee96539dbd7b7"
 },
 {
@@ -51,12 +56,28 @@
 "version": "6.6",
 "status": "affected"
 },
+ {
+ "version": "6.9",
+ "status": "affected"
+ },
 {
 "version": "0",
 "lessThan": "6.6",
 "status": "unaffected",
 "versionType": "semver"
 },
+ {
+ "version": "6.6.4",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.7",
+ "lessThan": "6.9",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
 {
 "version": "6.11.11",
 "lessThanOrEqual": "6.11.*",
@@ -70,7 +91,7 @@
 "versionType": "semver"
 },
 {
- "version": "6.13-rc1",
+ "version": "6.13",
 "lessThanOrEqual": "*",
 "status": "unaffected",
 "versionType": "original_commit_for_fix"
@@ -90,6 +111,16 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/7e2cde1813418b39b5e95d86e10d6701dccf18af",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/7e2cde1813418b39b5e95d86e10d6701dccf18af"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7a784bcdd7e54f0599da3b2360e472238412623e",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/7a784bcdd7e54f0599da3b2360e472238412623e"
+ },
 {
 "url": "https://git.kernel.org/stable/c/0b398b6b6c94315fd2ce3658e3cee96539dbd7b7",
 "refsource": "MISC",
@@ -108,6 +139,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-5f407fcff5a0"
+ "engine": "bippy-1.1.0"
 }
 }
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25948.json b/2025/25xxx/CVE-2025-25948.json
index 368093758b3..757c18dd747 100644
--- a/2025/25xxx/CVE-2025-25948.json
+++ b/2025/25xxx/CVE-2025-25948.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53637",
 "refsource": "MISC",
 "name": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53637"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25948",
+ "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25948"
 }
 ]
 }
diff --git a/2025/25xxx/CVE-2025-25949.json b/2025/25xxx/CVE-2025-25949.json
index 4e3310fb0b8..4a3ad38f041 100644
--- a/2025/25xxx/CVE-2025-25949.json
+++ b/2025/25xxx/CVE-2025-25949.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636",
 "refsource": "MISC",
 "name": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25949",
+ "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25949"
 }
 ]
 }
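Review bot: The reference lists in CVE-2025-25948 and CVE-2025-25949 (and likewise CVE-2025-25950 and CVE-2025-25951 further down) keep the older link whose path names a different identifier, e.g. `.../tree/main/CVE-2024-53637`, next to the new link named after the record itself. Tooling that correlates advisories by the CVE ID found in reference URLs can attach these records to the wrong identifier, so the older link should be dropped if it no longer describes this issue, or kept deliberately and confirmed to resolve. The appended objects also order their keys `refsource`, `name`, `url` where the existing entries use `url`, `refsource`, `name`; key order carries no meaning in JSON, but matching the existing order keeps later diffs small.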
diff --git a/2025/25xxx/CVE-2025-25950.json b/2025/25xxx/CVE-2025-25950.json
index 17c499de02c..65a57d9d88e 100644
--- a/2025/25xxx/CVE-2025-25950.json
+++ b/2025/25xxx/CVE-2025-25950.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89637",
 "refsource": "MISC",
 "name": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89637"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25950",
+ "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25950"
 }
 ]
 }
diff --git a/2025/25xxx/CVE-2025-25951.json b/2025/25xxx/CVE-2025-25951.json
index ae92a4e4c15..04e83c31bf0 100644
--- a/2025/25xxx/CVE-2025-25951.json
+++ b/2025/25xxx/CVE-2025-25951.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89638",
 "refsource": "MISC",
 "name": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89638"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25951",
+ "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25951"
 }
 ]
 }
diff --git a/2025/32xxx/CVE-2025-32790.json b/2025/32xxx/CVE-2025-32790.json
index 6bea7b4bf54..8c8b6e20e00 100644
--- a/2025/32xxx/CVE-2025-32790.json
+++ b/2025/32xxx/CVE-2025-32790.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A patched version has not been released. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can export the APP DSL. This vulnerability is fixed in 0.6.13."
+ "value": "Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can export the APP DSL. This vulnerability is fixed in 0.6.13."
 }
 ]
 },
diff --git a/2025/3xxx/CVE-2025-3790.json b/2025/3xxx/CVE-2025-3790.json
index 8176e7eb757..27d009d74f4 100644
--- a/2025/3xxx/CVE-2025-3790.json
+++ b/2025/3xxx/CVE-2025-3790.json
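Review bot: The affected range in the CVE-2025-32790 description is still ambiguous after this edit: it says `In versions 0.6.8 and prior` and then `This vulnerability is fixed in 0.6.13`, which leaves 0.6.9 through 0.6.12 unclassified. Scanners and patch-priority tooling that parse the text cannot tell whether those releases need the upgrade; stating a single boundary, for example `In versions prior to 0.6.13`, would settle it if that matches the vendor advisory. The workaround sentence describes a code-level change to access control rather than something an operator can apply, which is worth confirming against the advisory. The affects block is outside this hunk, so it may already carry the exact range.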
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3790",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical has been found in baseweb JSite 1.0. This affects an unknown part of the file /druid/index.html of the component Apache Druid Monitoring Console. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in baseweb JSite 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /druid/index.html der Komponente Apache Druid Monitoring Console. Dank der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Controls",
+ "cweId": "CWE-284"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect Privilege Assignment",
+ "cweId": "CWE-266"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "baseweb",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "JSite",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.305613",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.305613"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.305613",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.305613"
+ },
+ {
+ "url": "https://vuldb.com/?submit.554572",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.554572"
+ },
+ {
+ "url": "https://github.com/caigo8/CVE-md/blob/main/JSite/durid%E6%9C%AA%E6%8E%88%E6%9D%83.md",
+ "refsource": "MISC",
+ "name": "https://github.com/caigo8/CVE-md/blob/main/JSite/durid%E6%9C%AA%E6%8E%88%E6%9D%83.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Caigo (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3794.json b/2025/3xxx/CVE-2025-3794.json
new file mode 100644
index 00000000000..25941842185
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3794.json
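Review bot: Severity is stated inconsistently inside the new CVE-2025-3790 record: the English and German descriptions call the issue critical, while all three `cvss` entries score it 5.3 or 5 with only a limited confidentiality impact (`C:L/I:N/A:N`, `"baseSeverity": "MEDIUM"` on the 3.x entries). Triage rules should read the vector rather than the description wording, and the description would be clearer without the severity label. The `credits` entry uses `"lang": "en"` while every description in the record uses `"eng"`; one language-code form per record is easier for consumers to filter on.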
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3794",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/40xxx/CVE-2025-40364.json b/2025/40xxx/CVE-2025-40364.json
index 601fd3b9485..1c290983ffe 100644
--- a/2025/40xxx/CVE-2025-40364.json
+++ b/2025/40xxx/CVE-2025-40364.json
@@ -1,18 +1,102 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-40364",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@kernel.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix io_req_prep_async with provided buffers\n\nio_req_prep_async() can import provided buffers, commit the ring state\nby giving up on that before, it'll be reimported later if needed."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Linux",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "c7fb19428d67dd0a2a78a4f237af01d39c78dc5a",
+ "version_value": "a1b17713b32c75a90132ea2f92b1257f3bbc20f3"
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "5.19",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "5.19",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.1.129",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.6.78",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/a1b17713b32c75a90132ea2f92b1257f3bbc20f3",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/a1b17713b32c75a90132ea2f92b1257f3bbc20f3"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a94592ec30ff67dc36c424327f1e0a9ceeeb9bd3",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/a94592ec30ff67dc36c424327f1e0a9ceeeb9bd3"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "bippy-1.1.0"
 }
 }
\ No newline at end of file
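Review bot: The two fix commits listed under `reference_data` in CVE-2025-40364 are not both represented in `version_data`: only `a1b17713b32c75a90132ea2f92b1257f3bbc20f3` appears as a `version_value`, while `a94592ec30ff67dc36c424327f1e0a9ceeeb9bd3` is referenced but has no git range of its own. Backport checks that match on commit hash would miss whichever stable branch that second commit belongs to, although the semver entries (`6.1.129`, `6.6.78`) still cover both branches. The record also ships with `"value": "n/a"` as its problem type and no `impact` block, so severity has to come from local analysis rather than from this file.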