From ad6eea8f9862552b53a71362b8c09c6e45a5d48f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 1 May 2025 23:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/52xxx/CVE-2024-52903.json | 91 +++++++++++++++++++++++++-- 2025/1xxx/CVE-2025-1333.json | 101 ++++++++++++++++++++++++++++-- 2025/4xxx/CVE-2025-4178.json | 100 ++++++++++++++++++++++++++++-- 2025/4xxx/CVE-2025-4180.json | 109 +++++++++++++++++++++++++++++++-- 2025/4xxx/CVE-2025-4181.json | 109 +++++++++++++++++++++++++++++++-- 2025/4xxx/CVE-2025-4206.json | 18 ++++++ 6 files changed, 508 insertions(+), 20 deletions(-) create mode 100644 2025/4xxx/CVE-2025-4206.json diff --git a/2024/52xxx/CVE-2024-52903.json b/2024/52xxx/CVE-2024-52903.json index 2f4d055eb95..5f68a93201b 100644 --- a/2024/52xxx/CVE-2024-52903.json +++ b/2024/52xxx/CVE-2024-52903.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52903", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Db2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.0, 12.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7232336", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7232336" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n
" + } + ], + "value": "Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1. They can be applied to any affected level of the appropriate release to remediate this vulnerability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1333.json b/2025/1xxx/CVE-2025-1333.json index ec818d0eec5..03c4ce94780 100644 --- a/2025/1xxx/CVE-2025-1333.json +++ b/2025/1xxx/CVE-2025-1333.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1333", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-214 Invocation of Process Using Visible Sensitive Information", + "cweId": "CWE-214" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "MQ Operator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.0.0 LTS", + "version_value": "2.0.29 LTS" + }, + { + "version_affected": "=", + "version_value": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD" + }, + { + "version_affected": "<=", + "version_name": "3.2.0 SC2", + "version_value": "3.2.10 SC2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7232272", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7232272" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Issues mentioned by this security bulletin are addressed in 
IBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image.
IBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.
IBM MQ Container 9.4.2.1-r1 release.
IBM strongly recommends applying the latest container images." + } + ], + "value": "Issues mentioned by this security bulletin are addressed in\u00a0\nIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \nIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\nIBM MQ Container 9.4.2.1-r1 release.\nIBM strongly recommends applying the latest container images." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/4xxx/CVE-2025-4178.json b/2025/4xxx/CVE-2025-4178.json index 322a7e8b4fe..e7bdb063969 100644 --- a/2025/4xxx/CVE-2025-4178.json +++ b/2025/4xxx/CVE-2025-4178.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4178", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in xiaowei1118 java_server bis 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a f\u00fcr Windows gefunden. Dies betrifft einen unbekannten Teil der Datei /src/main/java/com/changyu/foryou/controller/FoodController.java der Komponente File Upload API. Durch das Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "xiaowei1118", + "product": { + "product_data": [ + { + "product_name": "java_server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.306797", + "refsource": "MISC", + "name": "https://vuldb.com/?id.306797" + }, + { + "url": "https://vuldb.com/?ctiid.306797", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.306797" + }, + { + "url": "https://vuldb.com/?submit.561794", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.561794" + }, + { + "url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250418-02.md", + "refsource": "MISC", + "name": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250418-02.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "ShenxiuSecurity (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.5, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P" } ] } diff --git a/2025/4xxx/CVE-2025-4180.json b/2025/4xxx/CVE-2025-4180.json index 602af8fa027..e01369938fa 100644 --- a/2025/4xxx/CVE-2025-4180.json +++ b/2025/4xxx/CVE-2025-4180.json @@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4180", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component TRACE Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in PCMan FTP Server 2.0.7 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Komponente TRACE Command Handler. Durch Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow", + "cweId": "CWE-120" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PCMan", + "product": { + "product_data": [ + { + "product_name": "FTP Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.306798", + "refsource": "MISC", + "name": "https://vuldb.com/?id.306798" + }, + { + "url": "https://vuldb.com/?ctiid.306798", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.306798" + }, + { + "url": "https://vuldb.com/?submit.561035", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.561035" + }, + { + "url": "https://fitoxs.com/exploit/exploit-25d55ad283aa400af464c76d713c07ad.txt", + "refsource": "MISC", + "name": "https://fitoxs.com/exploit/exploit-25d55ad283aa400af464c76d713c07ad.txt" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Fernando Mengali (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/4xxx/CVE-2025-4181.json b/2025/4xxx/CVE-2025-4181.json index c87d7d8b0b7..19b5e4b832f 100644 --- a/2025/4xxx/CVE-2025-4181.json +++ b/2025/4xxx/CVE-2025-4181.json @@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4181", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SEND Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In PCMan FTP Server 2.0.7 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Komponente SEND Command Handler. Durch das Beeinflussen mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow", + "cweId": "CWE-120" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PCMan", + "product": { + "product_data": [ + { + "product_name": "FTP Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.306799", + "refsource": "MISC", + "name": "https://vuldb.com/?id.306799" + }, + { + "url": "https://vuldb.com/?ctiid.306799", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.306799" + }, + { + "url": "https://vuldb.com/?submit.561139", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.561139" + }, + { + "url": "https://fitoxs.com/exploit/exploit-202cb962ac59075b964b07152d234b70.txt", + "refsource": "MISC", + "name": "https://fitoxs.com/exploit/exploit-202cb962ac59075b964b07152d234b70.txt" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Fernando Mengali (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/4xxx/CVE-2025-4206.json b/2025/4xxx/CVE-2025-4206.json new file mode 100644 index 00000000000..27a73c27bc5 --- /dev/null +++ b/2025/4xxx/CVE-2025-4206.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-4206", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file