From 5008c05418dc2e13e3eb12aba1d69c0f30dc0d25 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 19 Apr 2025 15:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/3xxx/CVE-2025-3801.json | 149 ++++++++++++++++++++++++++++++++++- 2025/3xxx/CVE-2025-3802.json | 133 ++++++++++++++++++++++++++++++- 2025/3xxx/CVE-2025-3821.json | 18 +++++ 2025/3xxx/CVE-2025-3822.json | 18 +++++ 2025/3xxx/CVE-2025-3823.json | 18 +++++ 2025/3xxx/CVE-2025-3824.json | 18 +++++ 2025/3xxx/CVE-2025-3825.json | 18 +++++ 2025/3xxx/CVE-2025-3826.json | 18 +++++ 8 files changed, 382 insertions(+), 8 deletions(-) create mode 100644 2025/3xxx/CVE-2025-3821.json create mode 100644 2025/3xxx/CVE-2025-3822.json create mode 100644 2025/3xxx/CVE-2025-3823.json create mode 100644 2025/3xxx/CVE-2025-3824.json create mode 100644 2025/3xxx/CVE-2025-3825.json create mode 100644 2025/3xxx/CVE-2025-3826.json diff --git a/2025/3xxx/CVE-2025-3801.json b/2025/3xxx/CVE-2025-3801.json index 408574a7502..fcef3b56952 100644 --- a/2025/3xxx/CVE-2025-3801.json +++ b/2025/3xxx/CVE-2025-3801.json @@ -1,17 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3801", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in songquanpeng one-api bis 0.6.10 ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente System Setting Handler. Durch das Beeinflussen des Arguments Homepage Content mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting", + "cweId": "CWE-79" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Code Injection", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "songquanpeng", + "product": { + "product_data": [ + { + "product_name": "one-api", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0.6.0" + }, + { + "version_affected": "=", + "version_value": "0.6.1" + }, + { + "version_affected": "=", + "version_value": "0.6.2" + }, + { + "version_affected": "=", + "version_value": "0.6.3" + }, + { + "version_affected": "=", + "version_value": "0.6.4" + }, + { + "version_affected": "=", + "version_value": "0.6.5" + }, + { + "version_affected": "=", + "version_value": "0.6.6" + }, + { + "version_affected": "=", + "version_value": "0.6.7" + }, + { + "version_affected": "=", + "version_value": "0.6.8" + }, + { + "version_affected": "=", + "version_value": "0.6.9" + }, + { + "version_affected": "=", + "version_value": "0.6.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.305655", + "refsource": "MISC", + "name": "https://vuldb.com/?id.305655" + }, + { + "url": "https://vuldb.com/?ctiid.305655", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.305655" + }, + { + "url": "https://vuldb.com/?submit.554702", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.554702" + }, + { + "url": "https://github.com/yaowenxiao721/Poc/blob/main/One-API/One-API-poc.md", + "refsource": "MISC", + "name": "https://github.com/yaowenxiao721/Poc/blob/main/One-API/One-API-poc.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yaowenxiao (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 3.3, + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N" } ] } diff --git a/2025/3xxx/CVE-2025-3802.json b/2025/3xxx/CVE-2025-3802.json index dcb6c117ac9..c00749e4dcd 100644 --- a/2025/3xxx/CVE-2025-3802.json +++ b/2025/3xxx/CVE-2025-3802.json @@ -1,17 +1,142 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion cgiPingSet der Datei /bin/httpd. Durch Beeinflussen des Arguments pingIP mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "W12", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.0.0.4(2887)" + }, + { + "version_affected": "=", + "version_value": "3.0.0.5(3644)" + } + ] + } + }, + { + "product_name": "i24", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.0.0.4(2887)" + }, + { + "version_affected": "=", + "version_value": "3.0.0.5(3644)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.305656", + "refsource": "MISC", + "name": "https://vuldb.com/?id.305656" + }, + { + "url": "https://vuldb.com/?ctiid.305656", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.305656" + }, + { + "url": "https://vuldb.com/?submit.554746", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.554746" + }, + { + "url": "https://github.com/02Tn/vul/issues/2", + "refsource": "MISC", + "name": "https://github.com/02Tn/vul/issues/2" + }, + { + "url": "https://www.tenda.com.cn/", + "refsource": "MISC", + "name": "https://www.tenda.com.cn/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "T1an (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2025/3xxx/CVE-2025-3821.json b/2025/3xxx/CVE-2025-3821.json new file mode 100644 index 00000000000..82b4a931344 --- /dev/null +++ b/2025/3xxx/CVE-2025-3821.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3821", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3822.json b/2025/3xxx/CVE-2025-3822.json new file mode 100644 index 00000000000..fc849b0525a --- /dev/null +++ b/2025/3xxx/CVE-2025-3822.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3822", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3823.json b/2025/3xxx/CVE-2025-3823.json new file mode 100644 index 00000000000..464b7aa558b --- /dev/null +++ b/2025/3xxx/CVE-2025-3823.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3823", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3824.json b/2025/3xxx/CVE-2025-3824.json new file mode 100644 index 00000000000..b6c97311076 --- /dev/null +++ b/2025/3xxx/CVE-2025-3824.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3824", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3825.json b/2025/3xxx/CVE-2025-3825.json new file mode 100644 index 00000000000..aa949fecd71 --- /dev/null +++ b/2025/3xxx/CVE-2025-3825.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3825", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3826.json b/2025/3xxx/CVE-2025-3826.json new file mode 100644 index 00000000000..51cf6375d60 --- /dev/null +++ b/2025/3xxx/CVE-2025-3826.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3826", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file