From b9670d9928a3c8e51a402ce3eacf47f9ad252567 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 28 May 2025 12:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/3xxx/CVE-2025-3864.json | 74 +++++++++++++++++++++-- 2025/4xxx/CVE-2025-4009.json | 4 +- 2025/5xxx/CVE-2025-5295.json | 109 +++++++++++++++++++++++++++++++-- 2025/5xxx/CVE-2025-5297.json | 114 +++++++++++++++++++++++++++++++++-- 2025/5xxx/CVE-2025-5298.json | 114 +++++++++++++++++++++++++++++++++-- 2025/5xxx/CVE-2025-5303.json | 18 ++++++ 2025/5xxx/CVE-2025-5304.json | 18 ++++++ 7 files changed, 432 insertions(+), 19 deletions(-) create mode 100644 2025/5xxx/CVE-2025-5303.json create mode 100644 2025/5xxx/CVE-2025-5304.json diff --git a/2025/3xxx/CVE-2025-3864.json b/2025/3xxx/CVE-2025-3864.json index e6367170ef4..9b7bb9dfbae 100644 --- a/2025/3xxx/CVE-2025-3864.json +++ b/2025/3xxx/CVE-2025-3864.json @@ -1,18 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3864", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cvd@cert.pl", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library.\nFix for this issue has been included in\u00a01.24.0 release." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-772 Missing Release of Resource after Effective Lifetime", + "cweId": "CWE-772" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "hackney", + "product": { + "product_data": [ + { + "product_name": "hackney", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.24.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/benoitc/hackney/issues/717", + "refsource": "MISC", + "name": "https://github.com/benoitc/hackney/issues/717" + }, + { + "url": "https://cert.pl/en/posts/2025/05/CVE-2025-3864/", + "refsource": "MISC", + "name": "https://cert.pl/en/posts/2025/05/CVE-2025-3864/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Micha\u0142 Majchrowicz, Marcin Wyczechowski, and Pawe\u0142 Zdunek \u2014 members of the AFINE Team" + } + ] } \ No newline at end of file diff --git a/2025/4xxx/CVE-2025-4009.json b/2025/4xxx/CVE-2025-4009.json index b3f49bb061a..5e135e38031 100644 --- a/2025/4xxx/CVE-2025-4009.json +++ b/2025/4xxx/CVE-2025-4009.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "The Evertz SVDN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a\u00a0web management interface on port 80. This web management interface can be used by administrators to control product\nfeatures, setup network switching, and register license among other features. The application has been developed in PHP with\u00a0the webEASY SDK, also named \u2018ewb\u2019 by Evertz.\n\nThis web interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass.\n\nRemote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.\n\nThis level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others." + "value": "The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a\u00a0web management interface on port 80. This web management interface can be used by administrators to control product\nfeatures, setup network switching, and register license among other features. The application has been developed in PHP with\u00a0the webEASY SDK, also named \u2018ewb\u2019 by Evertz.\n\nThis web interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass.\n\nRemote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.\n\nThis level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others." } ] }, @@ -45,7 +45,7 @@ "product": { "product_data": [ { - "product_name": "SVDN 3080ipx-10G", + "product_name": "3080ipx-10G", "version": { "version_data": [ { diff --git a/2025/5xxx/CVE-2025-5295.json b/2025/5xxx/CVE-2025-5295.json index 542b8d5e12e..83eeb86de64 100644 --- a/2025/5xxx/CVE-2025-5295.json +++ b/2025/5xxx/CVE-2025-5295.json @@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-5295", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in FreeFloat FTP Server 1.0.0. This vulnerability affects unknown code of the component PORT Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In FreeFloat FTP Server 1.0.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente PORT Command Handler. Dank der Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow", + "cweId": "CWE-120" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeFloat", + "product": { + "product_data": [ + { + "product_name": "FTP Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.310420", + "refsource": "MISC", + "name": "https://vuldb.com/?id.310420" + }, + { + "url": "https://vuldb.com/?ctiid.310420", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.310420" + }, + { + "url": "https://vuldb.com/?submit.582988", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.582988" + }, + { + "url": "https://fitoxs.com/exploit/exploit-4f6236b59b5119d64718e994b0f3d63a755e7cb5a496e3846b92dfb960f1a80a.txt", + "refsource": "MISC", + "name": "https://fitoxs.com/exploit/exploit-4f6236b59b5119d64718e994b0f3d63a755e7cb5a496e3846b92dfb960f1a80a.txt" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Fernando Mengali (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/5xxx/CVE-2025-5297.json b/2025/5xxx/CVE-2025-5297.json index b97bd11aa64..cc058ff8bea 100644 --- a/2025/5xxx/CVE-2025-5297.json +++ b/2025/5xxx/CVE-2025-5297.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-5297", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in SourceCodester Computer Store System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion Add der Datei main.c. Dank Manipulation des Arguments laptopcompany/RAM/Processor mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Computer Store System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.310421", + "refsource": "MISC", + "name": "https://vuldb.com/?id.310421" + }, + { + "url": "https://vuldb.com/?ctiid.310421", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.310421" + }, + { + "url": "https://vuldb.com/?submit.585114", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.585114" + }, + { + "url": "https://github.com/byxs0x0/cve/issues/6", + "refsource": "MISC", + "name": "https://github.com/byxs0x0/cve/issues/6" + }, + { + "url": "https://www.sourcecodester.com/", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wanglun (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.3, + "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/5xxx/CVE-2025-5298.json b/2025/5xxx/CVE-2025-5298.json index 7a036d20834..525c24dab09 100644 --- a/2025/5xxx/CVE-2025-5298.json +++ b/2025/5xxx/CVE-2025-5298.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-5298", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Campcodes Online Hospital Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/betweendates-detailsreports.php. Mit der Manipulation des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Hospital Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.310422", + "refsource": "MISC", + "name": "https://vuldb.com/?id.310422" + }, + { + "url": "https://vuldb.com/?ctiid.310422", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.310422" + }, + { + "url": "https://vuldb.com/?submit.585161", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.585161" + }, + { + "url": "https://github.com/RS7325/cve/issues/2", + "refsource": "MISC", + "name": "https://github.com/RS7325/cve/issues/2" + }, + { + "url": "https://www.campcodes.com/", + "refsource": "MISC", + "name": "https://www.campcodes.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "RayZ7z (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/5xxx/CVE-2025-5303.json b/2025/5xxx/CVE-2025-5303.json new file mode 100644 index 00000000000..bb7af0e65ff --- /dev/null +++ b/2025/5xxx/CVE-2025-5303.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-5303", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/5xxx/CVE-2025-5304.json b/2025/5xxx/CVE-2025-5304.json new file mode 100644 index 00000000000..d6a31740f64 --- /dev/null +++ b/2025/5xxx/CVE-2025-5304.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-5304", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file