"-Synchronized-Data."

CVE Team 2025-05-17 16:00:33 +00:00
parent 5b65f110f2
commit e79cad4e03
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
4 changed files with 402 additions and 16 deletions


@ -1,18 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-47273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pypa",
"product": {
"product_data": [
{
"product_name": "setuptools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 78.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf",
"refsource": "MISC",
"name": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf"
},
{
"url": "https://github.com/pypa/setuptools/issues/4946",
"refsource": "MISC",
"name": "https://github.com/pypa/setuptools/issues/4946"
},
{
"url": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b",
"refsource": "MISC",
"name": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b"
},
{
"url": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88",
"refsource": "MISC",
"name": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88"
}
]
},
"source": {
"advisory": "GHSA-5rjg-fvgr-3xxf",
"discovery": "UNKNOWN"
}
}
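Review bot: In the `version_data` entry, `"version_affected": "="` is paired with `"version_value": "< 78.1.1"`, so the operator says exact match while the value string carries a range. A consumer that honours `version_affected` literally would compare installed versions against the text `< 78.1.1` and match none of them, which is a false negative for a path traversal that the description says allows arbitrary file writes. Putting the range in the operator, `"version_affected": "<"` with `"version_value": "78.1.1"`, would make the record machine-matchable; until then, scanners reading this format have to parse the comparison out of `version_value`. The CVE-2025-47931 record in the next file section has the same pairing with `< 25.5.0`.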


@ -1,18 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-47931",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. LibreNMS v25.5.0 contains a patch for the issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "librenms",
"product": {
"product_data": [
{
"product_name": "librenms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 25.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5"
},
{
"url": "https://github.com/librenms/librenms/pull/17603",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/pull/17603"
},
{
"url": "https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062"
},
{
"url": "https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284"
}
]
},
"source": {
"advisory": "GHSA-hxw5-9cc5-cmw5",
"discovery": "UNKNOWN"
}
}


@ -1,17 +1,145 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4829",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected by this vulnerability is the function sub_40BE30 of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 wurde eine kritische Schwachstelle entdeckt. Es geht um die Funktion sub_40BE30 der Datei /boafrm/formStats der Komponente HTTP POST Request Handler. Durch Manipulieren des Arguments submit-url mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow",
"cweId": "CWE-120"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TOTOLINK",
"product": {
"product_data": [
{
"product_name": "A702R",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0-B20230809.1615"
}
]
}
},
{
"product_name": "A3002R",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0-B20230809.1615"
}
]
}
},
{
"product_name": "A3002RU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0-B20230809.1615"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.309295",
"refsource": "MISC",
"name": "https://vuldb.com/?id.309295"
},
{
"url": "https://vuldb.com/?ctiid.309295",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.309295"
},
{
"url": "https://vuldb.com/?submit.574599",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.574599"
},
{
"url": "https://github.com/CH13hh/tmp_store_cc/blob/main/toto/7.md",
"refsource": "MISC",
"name": "https://github.com/CH13hh/tmp_store_cc/blob/main/toto/7.md"
},
{
"url": "https://www.totolink.net/",
"refsource": "MISC",
"name": "https://www.totolink.net/"
}
]
},
"credits": [
{
"lang": "en",
"value": "BabyShark (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}
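Review bot: The `eng` description calls the issue "critical", but both CVSS 3.x entries under `impact.cvss` report `"baseSeverity": "HIGH"` (8.8, with `PR:L` in the vector), and the 2.0 entry carries no `baseSeverity` at all. Triage and alerting rules should therefore key on the vector strings rather than on the description wording or on a severity field that may be absent. The `credits` entry also uses `"lang": "en"` where `description_data` and `problemtype_data` use `eng`, so a consumer filtering by language code has to accept both forms. The CVE-2025-4830 record in the next file section shows the same inconsistencies.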


@ -1,17 +1,145 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4830",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected by this issue is some unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /boafrm/formSysCmd der Komponente HTTP POST Request Handler. Durch das Beeinflussen des Arguments submit-url mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow",
"cweId": "CWE-120"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TOTOLINK",
"product": {
"product_data": [
{
"product_name": "A702R",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0-B20230809.1615"
}
]
}
},
{
"product_name": "A3002R",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0-B20230809.1615"
}
]
}
},
{
"product_name": "A3002RU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0-B20230809.1615"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.309296",
"refsource": "MISC",
"name": "https://vuldb.com/?id.309296"
},
{
"url": "https://vuldb.com/?ctiid.309296",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.309296"
},
{
"url": "https://vuldb.com/?submit.574600",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.574600"
},
{
"url": "https://github.com/CH13hh/tmp_store_cc/blob/main/toto/8.md",
"refsource": "MISC",
"name": "https://github.com/CH13hh/tmp_store_cc/blob/main/toto/8.md"
},
{
"url": "https://www.totolink.net/",
"refsource": "MISC",
"name": "https://www.totolink.net/"
}
]
},
"credits": [
{
"lang": "en",
"value": "BabyShark (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}