"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2025-05-18 09:00:33 +00:00 · 2025-05-18 09:00:33 +00:00 · c6374d6ee7
commit c6374d6ee7
parent 571e36cfd9
2 changed files with 211 additions and 8 deletions
--- a/2025/4xxx/CVE-2025-4866.json
+++ b/2025/4xxx/CVE-2025-4866.json
@ -1,17 +1,123 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2025-4866",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of the component Management Console. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+            },
+            {
+                "lang": "deu",
+                "value": "Es wurde eine kritische Schwachstelle in weibocom rill-flow 0.1.18 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Komponente Management Console. Dank der Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Code Injection",
+                        "cweId": "CWE-94"
+                    }
+                ]
+            },
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Injection",
+                        "cweId": "CWE-74"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "weibocom",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "rill-flow",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "0.1.18"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.309408",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.309408"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.309408",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.309408"
+            },
+            {
+                "url": "https://vuldb.com/?submit.575478",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?submit.575478"
+            },
+            {
+                "url": "https://github.com/weibocom/rill-flow/issues/102",
+                "refsource": "MISC",
+                "name": "https://github.com/weibocom/rill-flow/issues/102"
+            },
+            {
+                "url": "https://github.com/weibocom/rill-flow/issues/102#issue-2933822293",
+                "refsource": "MISC",
+                "name": "https://github.com/weibocom/rill-flow/issues/102#issue-2933822293"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "startr4ck (VulDB User)"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 6.3,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 6.3,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 6.5,
+                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
            }
        ]
    }
--- a/2025/4xxx/CVE-2025-4867.json
+++ b/2025/4xxx/CVE-2025-4867.json
@ -1,17 +1,114 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2025-4867",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as problematic. Affected by this vulnerability is the function formArpNerworkSet of the file /goform/ArpNerworkSet. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+            },
+            {
+                "lang": "deu",
+                "value": "In Tenda A15 15.13.07.13 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es die Funktion formArpNerworkSet der Datei /goform/ArpNerworkSet. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Denial of Service",
+                        "cweId": "CWE-404"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Tenda",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "A15",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "15.13.07.13"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.309409",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.309409"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.309409",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.309409"
+            },
+            {
+                "url": "https://vuldb.com/?submit.575501",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?submit.575501"
+            },
+            {
+                "url": "https://github.com/xubeining/Cve_report/blob/main/Notification%20of%20Denial%20of%20Service%20Vulnerability%20in%20Tenda%20A15%20Router%20(Version%20V15.13.07.13)%20by%20Shenzhen%20Jixiang%20Tenda%20Technology.md",
+                "refsource": "MISC",
+                "name": "https://github.com/xubeining/Cve_report/blob/main/Notification%20of%20Denial%20of%20Service%20Vulnerability%20in%20Tenda%20A15%20Router%20(Version%20V15.13.07.13)%20by%20Shenzhen%20Jixiang%20Tenda%20Technology.md"
+            },
+            {
+                "url": "https://www.tenda.com.cn/",
+                "refsource": "MISC",
+                "name": "https://www.tenda.com.cn/"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "xubeining (VulDB User)"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 6.5,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 6.5,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 6.8,
+                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C"
            }
        ]
    }