From c4c7b4c843f87d358acb9214b6b9986beb6fd0ce Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 28 Apr 2025 08:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2025/22xxx/CVE-2025-22235.json | 99 +++++++++++++++++++++++-
 2025/4xxx/CVE-2025-4006.json | 109 ++++++++++++++++++++++++++-
 2025/4xxx/CVE-2025-4007.json | 133 ++++++++++++++++++++++++++++++++-
 3 files changed, 329 insertions(+), 12 deletions(-)
diff --git a/2025/22xxx/CVE-2025-22235.json b/2025/22xxx/CVE-2025-22235.json
index 42a1a16fee4..429263e2653 100644
--- a/2025/22xxx/CVE-2025-22235.json
+++ b/2025/22xxx/CVE-2025-22235.json
@@ -1,17 +1,108 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-22235",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n * You use Spring Security\n * EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\n * The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\n * Your application handles requests to /null\u00a0and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n * You don't use Spring Security\n * You don't use EndpointRequest.to()\n * The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\n * Your application does not handle requests to /null\u00a0or this path does not need protection"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Spring",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Spring Boot",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.7.x",
+ "version_value": "2.7.25"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.1.x",
+ "version_value": "3.1.16"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.2.x",
+ "version_value": "3.2.14"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.3.x",
+ "version_value": "3.3.11"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.4.x",
+ "version_value": "3.4.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://spring.io/security/cve-2025-22235",
+ "refsource": "MISC",
+ "name": "https://spring.io/security/cve-2025-22235"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/4xxx/CVE-2025-4006.json b/2025/4xxx/CVE-2025-4006.json
index aaac939cd39..0b7ed926223 100644
--- a/2025/4xxx/CVE-2025-4006.json
+++ b/2025/4xxx/CVE-2025-4006.json
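Review bot: The new `description` value for CVE-2025-22235 lists when an application is affected but never states the remediation, and the fixed releases appear only as the `<` bounds in `version_data`. Assuming each `version_value` is the first fixed release of its line, I would append a closing sentence to the description such as `Fixed in Spring Boot 2.7.25, 3.1.16, 3.2.14, 3.3.11 and 3.4.5.` so that consumers reading only the text get the upgrade target. `CWE-20 Improper Input Validation` is also very broad for what the text describes, a request matcher built for the path `null/**`; a more specific weakness class would make the record easier to filter, if the CNA agrees.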
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-4006",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical has been found in youyiio BeyongCms 1.6.0. Affected is an unknown function of the file /admin/theme/Upload.html of the component Document Management Page. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine kritische Schwachstelle in youyiio BeyongCms 1.6.0 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/theme/Upload.html der Komponente Document Management Page. Durch die Manipulation des Arguments File mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unrestricted Upload",
+ "cweId": "CWE-434"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Controls",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "youyiio",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BeyongCms",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.6.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.306342",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.306342"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.306342",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.306342"
+ },
+ {
+ "url": "https://vuldb.com/?submit.558152",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.558152"
+ },
+ {
+ "url": "https://wiki.shikangsi.com/post/share/7e2d3cf9-6463-4331-a1f5-c270d5695266",
+ "refsource": "MISC",
+ "name": "https://wiki.shikangsi.com/post/share/7e2d3cf9-6463-4331-a1f5-c270d5695266"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "wiki (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.8,
+ "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/4xxx/CVE-2025-4007.json b/2025/4xxx/CVE-2025-4007.json
index 0ceb5069733..52167c56e88 100644
--- a/2025/4xxx/CVE-2025-4007.json
+++ b/2025/4xxx/CVE-2025-4007.json
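Review bot: The English and German descriptions of CVE-2025-4006 call the issue critical, yet every entry in `impact.cvss` in the same hunk is medium: 4.7 `MEDIUM` for CVSS 3.1 and 3.0 with `PR:H`, and 5.8 for 2.0. The same wording mismatch is in the CVE-2025-4007 hunk, where the text says critical and the 3.1 score is 8.8 `HIGH`. Tooling that ranks on description text will over-prioritise these records, so I would drop the label from the opening sentence, `A vulnerability has been found in youyiio BeyongCms 1.6.0.`, and let `baseSeverity` carry the rating. Separately, `credits` uses `"lang": "en"` while `description_data` uses `"eng"`; one language code throughout would be cleaner.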
@@ -1,17 +1,142 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-4007",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "In Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) wurde eine kritische Schwachstelle entdeckt. Dabei geht es um die Funktion cgidhcpsCfgSet der Datei /goform/modules der Komponente httpd. Durch Manipulation des Arguments json mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Stack-based Buffer Overflow",
+ "cweId": "CWE-121"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption",
+ "cweId": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Tenda",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "W12",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.0.0.4(2887)"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.0.0.5(3644)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "i24",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.0.0.4(2887)"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.0.0.5(3644)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.306343",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.306343"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.306343",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.306343"
+ },
+ {
+ "url": "https://vuldb.com/?submit.558165",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.558165"
+ },
+ {
+ "url": "https://github.com/02Tn/vul/issues/5",
+ "refsource": "MISC",
+ "name": "https://github.com/02Tn/vul/issues/5"
+ },
+ {
+ "url": "https://www.tenda.com.cn/",
+ "refsource": "MISC",
+ "name": "https://www.tenda.com.cn/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "T1an (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 8.8,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 8.8,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 9,
+ "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
 }
 ]
 }
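Review bot: The CVE-2025-4007 record names no fixed version, and its only vendor reference, `https://www.tenda.com.cn/`, is a home page rather than an advisory, so a reader cannot tell from this hunk whether patched firmware exists. I would replace that entry with the vendor's advisory URL once one is published, or drop it, and until then treat both listed builds as unpatched. The `affects` block lists `3.0.0.4(2887)` and `3.0.0.5(3644)` under both `W12` and `i24`, while the description's `Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644)` can also be read as one build per product; this is worth confirming against the linked report. The German description keeps the English conjunction and should read `In Tenda W12 und i24 3.0.0.4(2887)/3.0.0.5(3644) wurde ...`.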