From b8bb461ea26e66d0da3f5b591bbb9ae2529375b2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 28 Apr 2025 02:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/1xxx/CVE-2024-1635.json | 124 +++++++++++++++++++++++++++++++++++ 2025/3xxx/CVE-2025-3994.json | 114 ++++++++++++++++++++++++++++++-- 2025/3xxx/CVE-2025-3995.json | 114 ++++++++++++++++++++++++++++++-- 3 files changed, 344 insertions(+), 8 deletions(-)
diff --git a/2024/1xxx/CVE-2024-1635.json b/2024/1xxx/CVE-2024-1635.json
index 790f5e6866d..4e63b20fe21 100644
--- a/2024/1xxx/CVE-2024-1635.json
+++ b/2024/1xxx/CVE-2024-1635.json
@@ -74,6 +74,125 @@
 ]
 }
 },
+ {
+ "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:1.5.5.016-1.redhat_00001.1.ep7.el7",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "1:1.5.5.016-1.redhat_00001.1.ep7.el7",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:3.5.11-1.Final_redhat_00001.1.ep7.el7",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:1.14.2-1.redhat_00002.1.ep7.el7",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:1.4.18-14.SP13_redhat_00001.1.ep7.el7",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:7.1.10-2.GA_redhat_00002.1.ep7.el7",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:5.0.3-2.redhat_00002.1.ep7.el7",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:2.0.10-2.redhat_00002.1.ep7.el7",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
 "version": {
@@ -505,6 +624,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2024:4884"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2025:4226",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2025:4226"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-1635",
 "refsource": "MISC",
diff --git a/2025/3xxx/CVE-2025-3994.json b/2025/3xxx/CVE-2025-3994.json
index 65ac4e9b09b..9131a7a9dad 100644
--- a/2025/3xxx/CVE-2025-3994.json
+++ b/2025/3xxx/CVE-2025-3994.json
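Review bot: In the first hunk of 2024/1xxx/CVE-2024-1635.json, the eight `version_data` entries added for "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7" carry only an RPM epoch:version-release string and `"version_value": "not down converted"`, with no package name, so a consumer of this 4.0 record cannot tell which package each fixed build belongs to. Because each entry pairs `"lessThan": "*"` / `"status": "unaffected"` with `"defaultStatus": "affected"`, comparing these strings against the wrong package would misreport a host as fixed or as vulnerable. Scanners should resolve the fixed packages from the reference added in the second hunk, `https://access.redhat.com/errata/RHSA-2025:4226`, or from the CVE JSON 5 record that presumably holds the package names, rather than from these entries alone.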
@@ -1,17 +1,123 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3994",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine problematische Schwachstelle in TOTOLINK N150RT 3.4.0-B20190525 ausgemacht. Es betrifft eine unbekannte Funktion der Datei /home.htm der Komponente IP Port Filtering. Mit der Manipulation des Arguments Comment mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "TOTOLINK",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "N150RT",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.4.0-B20190525"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.306330",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.306330"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.306330",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.306330"
+ },
+ {
+ "url": "https://vuldb.com/?submit.557945",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.557945"
+ },
+ {
+ "url": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_IP_Port_filering",
+ "refsource": "MISC",
+ "name": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_IP_Port_filering"
+ },
+ {
+ "url": "https://www.totolink.net/",
+ "refsource": "MISC",
+ "name": "https://www.totolink.net/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "lcyf-fizz (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3995.json b/2025/3xxx/CVE-2025-3995.json
index 990db197582..954810e4557 100644
--- a/2025/3xxx/CVE-2025-3995.json
+++ b/2025/3xxx/CVE-2025-3995.json
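Review bot: The `problemtype` block added in 2025/3xxx/CVE-2025-3994.json lists `"cweId": "CWE-94"` (Code Injection) next to `"cweId": "CWE-79"`, while the description speaks only of cross site scripting through the `Comment` argument and the CVSS vectors (`PR:H`, `UI:R`, integrity impact only, base score 2.4) match that reading. Tooling that triages on CWE alone would rank this record as code injection; either the second `problemtype_data` entry should be dropped or consumers should rank these records on the CVSS vector. The CVE-2025-3995.json hunk carries the same pair of CWE entries. Separately, the `"version": "2.0"` element of `cvss` has no `baseSeverity` key, and `credits` uses `"lang": "en"` where the descriptions use `"eng"`, so parsers should not assume either field is uniform across the record.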
@@ -1,17 +1,123 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3995",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "In TOTOLINK N150RT 3.4.0-B20190525 wurde eine problematische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /boafrm/fromStaticDHCP der Komponente LAN Settings Page. Durch die Manipulation des Arguments Hostname mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "TOTOLINK",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "N150RT",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.4.0-B20190525"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.306331",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.306331"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.306331",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.306331"
+ },
+ {
+ "url": "https://vuldb.com/?submit.557946",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.557946"
+ },
+ {
+ "url": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_LAN_settings",
+ "refsource": "MISC",
+ "name": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_LAN_settings"
+ },
+ {
+ "url": "https://www.totolink.net/",
+ "refsource": "MISC",
+ "name": "https://www.totolink.net/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "lcyf-fizz (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
 }
 ]
 }