From 8702100e8e842a42ddedae21db2adbf261d477ea Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 16 Apr 2025 20:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2025/24xxx/CVE-2025-24421.json | 2 +-
 2025/24xxx/CVE-2025-24427.json | 2 +-
 2025/29xxx/CVE-2025-29648.json | 56 +++++++++++++++--
 2025/29xxx/CVE-2025-29649.json | 56 +++++++++++++++--
 2025/29xxx/CVE-2025-29650.json | 56 +++++++++++++++--
 2025/32xxx/CVE-2025-32817.json | 61 ++++++++++++++++--
 2025/3xxx/CVE-2025-3723.json | 109 +++++++++++++++++++++++++++++++--
 2025/3xxx/CVE-2025-3724.json | 109 +++++++++++++++++++++++++++++++--
 2025/3xxx/CVE-2025-3746.json | 18 ++++++
 9 files changed, 437 insertions(+), 32 deletions(-)
 create mode 100644 2025/3xxx/CVE-2025-3746.json
diff --git a/2025/24xxx/CVE-2025-24421.json b/2025/24xxx/CVE-2025-24421.json
index 63a2d6420e2..3d725a9879a 100644
--- a/2025/24xxx/CVE-2025-24421.json
+++ b/2025/24xxx/CVE-2025-24421.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to modify select data. Exploitation of this issue does not require user interaction"
+ "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction"
 }
 ]
 },
diff --git a/2025/24xxx/CVE-2025-24427.json b/2025/24xxx/CVE-2025-24427.json
index 2bdfb863121..dcee0a4ca83 100644
--- a/2025/24xxx/CVE-2025-24427.json
+++ b/2025/24xxx/CVE-2025-24427.json
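Review bot: Nothing in this hunk, or in the CVE-2025-24427 hunk that follows, updates an impact or CVSS block to match the reworded `value`, although the wording flips the affected property: 24421 goes from "modify select data" to "read select data" and 24427 from "unauthorized read access" to "unauthorized write access". If these records carry a vector outside the visible context, its confidentiality and integrity metrics should be checked against the new text, because anyone who triaged on the earlier wording prioritised the wrong property. The 24421 sentence also still ends without a full stop (`...does not require user interaction`).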
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction."
+ "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction."
 }
 ]
 },
diff --git a/2025/29xxx/CVE-2025-29648.json b/2025/29xxx/CVE-2025-29648.json
index 0d02c3300fd..9c0edb424b2 100644
--- a/2025/29xxx/CVE-2025-29648.json
+++ b/2025/29xxx/CVE-2025-29648.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29648",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29648",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/TheVeteran1/Vulnerability-Research/blob/main/CVE-2025-29648",
+ "url": "https://github.com/TheVeteran1/Vulnerability-Research/blob/main/CVE-2025-29648"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29649.json b/2025/29xxx/CVE-2025-29649.json
index 3dd0428696b..7ec1f3bbf93 100644
--- a/2025/29xxx/CVE-2025-29649.json
+++ b/2025/29xxx/CVE-2025-29649.json
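Review bot: The published record for CVE-2025-29648 leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value all as `n/a`, even though its own description names TP-Link, the EAP120, version 1.0 and SQL injection; the CVE-2025-29649 and CVE-2025-29650 hunks repeat this. Tooling that matches on the structured `affects` and CWE fields will not tie these records to any product, so the fields should carry what the text already states, for example `"vendor_name": "TP-Link"`, `"product_name": "EAP120"` and a `problemtype` value naming `CWE-89`. The 29648 and 29649 descriptions also read `router s login dashboard`, which looks like an apostrophe lost in encoding. Each record's only reference is a third-party GitHub page, so a vendor advisory link would be worth adding if one exists.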
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29649",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29649",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability exists in the TP-Link TL-WR840N router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/TheVeteran1/Vulnerability-Research/blob/main/CVE-2025-29649",
+ "url": "https://github.com/TheVeteran1/Vulnerability-Research/blob/main/CVE-2025-29649"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29650.json b/2025/29xxx/CVE-2025-29650.json
index 8853b439e0c..81cb536f724 100644
--- a/2025/29xxx/CVE-2025-29650.json
+++ b/2025/29xxx/CVE-2025-29650.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29650",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29650",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability exists in the TP-Link M7200 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 180127 Rel.55998n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/TheVeteran1/Vulnerability-Research/blob/main/CVE-2025-29650",
+ "url": "https://github.com/TheVeteran1/Vulnerability-Research/blob/main/CVE-2025-29650"
 }
 ]
 }
diff --git a/2025/32xxx/CVE-2025-32817.json b/2025/32xxx/CVE-2025-32817.json
index c87b3d9e085..5e6cf911b3d 100644
--- a/2025/32xxx/CVE-2025-32817.json
+++ b/2025/32xxx/CVE-2025-32817.json
@@ -1,18 +1,71 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-32817",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "PSIRT@sonicwall.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')",
+ "cweId": "CWE-59"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SonicWall",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Connect Tunnel",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "12.4.3.283 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0007",
+ "refsource": "MISC",
+ "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0007"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "SNWLID-2025-0007",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3723.json b/2025/3xxx/CVE-2025-3723.json
index a83b907f79f..ddf234c86a4 100644
--- a/2025/3xxx/CVE-2025-3723.json
+++ b/2025/3xxx/CVE-2025-3723.json
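Review bot: In the added `version_data` entry, `"version_affected": "="` is paired with the free-text `"version_value": "12.4.3.283 and earlier versions"`, so an exact-match comparison will never equal an installed build number and the "and earlier" range is invisible to version-aware scanners. Moving the range into the operator, `"version_affected": "<="` with `"version_value": "12.4.3.283"`, keeps the same meaning in machine-readable form. The description could also be tidied without changing what it states (`A Improper Link Resolution ... client, this results in`).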
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3723",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component MDTM Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in PCMan FTP Server 2.0.7 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente MDTM Command Handler. Mittels Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Overflow",
+ "cweId": "CWE-120"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption",
+ "cweId": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PCMan",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.305069",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.305069"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.305069",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.305069"
+ },
+ {
+ "url": "https://vuldb.com/?submit.552796",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.552796"
+ },
+ {
+ "url": "https://fitoxs.com/exploit/exploit-d41d8cd98f00b204e9800998ecf8427e.txt",
+ "refsource": "MISC",
+ "name": "https://fitoxs.com/exploit/exploit-d41d8cd98f00b204e9800998ecf8427e.txt"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Fernando Mengali (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3724.json b/2025/3xxx/CVE-2025-3724.json
index 54367751191..5614b49622b 100644
--- a/2025/3xxx/CVE-2025-3724.json
+++ b/2025/3xxx/CVE-2025-3724.json
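Review bot: The description text says the issue is "classified as critical", yet both 3.x entries in the added `impact.cvss` array score it 7.3 with `"baseSeverity": "HIGH"` (7.5 under 2.0), and the CVE-2025-3724 hunk has the same mismatch; triage rules should key on the vector rather than the prose, and the wording is worth aligning. The `credits` entry uses `"lang": "en"` where the description entries in the same record use `eng` and `deu`, so a consumer filtering on language codes may skip it; `"lang": "eng"` would be consistent. Both records state that an exploit is public, but every link carries `"refsource": "MISC"`, so that fact is only recoverable from the free text.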
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3724",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component DIR Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine kritische Schwachstelle in PCMan FTP Server 2.0.7 ausgemacht. Es betrifft eine unbekannte Funktion der Komponente DIR Command Handler. Durch das Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Overflow",
+ "cweId": "CWE-120"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption",
+ "cweId": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PCMan",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.305070",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.305070"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.305070",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.305070"
+ },
+ {
+ "url": "https://vuldb.com/?submit.552808",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.552808"
+ },
+ {
+ "url": "https://fitoxs.com/exploit/exploit-21232f297a57a5a743894a0e4a801fc3.txt",
+ "refsource": "MISC",
+ "name": "https://fitoxs.com/exploit/exploit-21232f297a57a5a743894a0e4a801fc3.txt"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Fernando Mengali (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3746.json b/2025/3xxx/CVE-2025-3746.json
new file mode 100644
index 00000000000..d148435ac6c
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3746.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3746",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file