From f66f37a8a9dccd5bfb9dec8ec618032baef8b301 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 2 Jun 2025 11:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/1xxx/CVE-2025-1750.json | 82 +++++++++- 2025/29xxx/CVE-2025-29785.json | 86 ++++++++++- 2025/3xxx/CVE-2025-3260.json | 73 ++++++++- 2025/3xxx/CVE-2025-3454.json | 135 ++++++++++++++++- 2025/47xxx/CVE-2025-47272.json | 81 +++++++++- 2025/49xxx/CVE-2025-49126.json | 18 +++ 2025/49xxx/CVE-2025-49127.json | 18 +++ 2025/49xxx/CVE-2025-49128.json | 18 +++ 2025/49xxx/CVE-2025-49129.json | 18 +++ 2025/49xxx/CVE-2025-49130.json | 18 +++ 2025/49xxx/CVE-2025-49131.json | 18 +++ 2025/49xxx/CVE-2025-49132.json | 18 +++ 2025/49xxx/CVE-2025-49133.json | 18 +++ 2025/49xxx/CVE-2025-49134.json | 18 +++ 2025/49xxx/CVE-2025-49135.json | 18 +++ 2025/49xxx/CVE-2025-49136.json | 18 +++ 2025/49xxx/CVE-2025-49137.json | 18 +++ 2025/49xxx/CVE-2025-49138.json | 18 +++ 2025/49xxx/CVE-2025-49139.json | 18 +++ 2025/49xxx/CVE-2025-49140.json | 18 +++ 2025/49xxx/CVE-2025-49141.json | 18 +++ 2025/49xxx/CVE-2025-49142.json | 18 +++ 2025/49xxx/CVE-2025-49143.json | 18 +++ 2025/49xxx/CVE-2025-49144.json | 18 +++ 2025/49xxx/CVE-2025-49145.json | 18 +++ 2025/49xxx/CVE-2025-49146.json | 18 +++ 2025/49xxx/CVE-2025-49147.json | 18 +++ 2025/49xxx/CVE-2025-49148.json | 18 +++ 2025/49xxx/CVE-2025-49149.json | 18 +++ 2025/49xxx/CVE-2025-49150.json | 18 +++ 2025/5xxx/CVE-2025-5440.json | 265 ++++++++++++++++++++++++++++++++- 2025/5xxx/CVE-2025-5441.json | 265 ++++++++++++++++++++++++++++++++- 2025/5xxx/CVE-2025-5461.json | 18 +++ 2025/5xxx/CVE-2025-5462.json | 18 +++ 2025/5xxx/CVE-2025-5463.json | 18 +++ 35 files changed, 1463 insertions(+), 28 deletions(-) create mode 100644 2025/49xxx/CVE-2025-49126.json create mode 100644 2025/49xxx/CVE-2025-49127.json create mode 100644 2025/49xxx/CVE-2025-49128.json create mode 100644 2025/49xxx/CVE-2025-49129.json create mode 100644 2025/49xxx/CVE-2025-49130.json create mode 100644 2025/49xxx/CVE-2025-49131.json create mode 100644 2025/49xxx/CVE-2025-49132.json create mode 100644 2025/49xxx/CVE-2025-49133.json create mode 100644 2025/49xxx/CVE-2025-49134.json create mode 100644 2025/49xxx/CVE-2025-49135.json create mode 100644 2025/49xxx/CVE-2025-49136.json create mode 100644 2025/49xxx/CVE-2025-49137.json create mode 100644 2025/49xxx/CVE-2025-49138.json create mode 100644 2025/49xxx/CVE-2025-49139.json create mode 100644 2025/49xxx/CVE-2025-49140.json create mode 100644 2025/49xxx/CVE-2025-49141.json create mode 100644 2025/49xxx/CVE-2025-49142.json create mode 100644 2025/49xxx/CVE-2025-49143.json create mode 100644 2025/49xxx/CVE-2025-49144.json create mode 100644 2025/49xxx/CVE-2025-49145.json create mode 100644 2025/49xxx/CVE-2025-49146.json create mode 100644 2025/49xxx/CVE-2025-49147.json create mode 100644 2025/49xxx/CVE-2025-49148.json create mode 100644 2025/49xxx/CVE-2025-49149.json create mode 100644 2025/49xxx/CVE-2025-49150.json create mode 100644 2025/5xxx/CVE-2025-5461.json create mode 100644 2025/5xxx/CVE-2025-5462.json create mode 100644 2025/5xxx/CVE-2025-5463.json diff --git a/2025/1xxx/CVE-2025-1750.json b/2025/1xxx/CVE-2025-1750.json index f5543dec7e2..b0c71c398c6 100644 --- a/2025/1xxx/CVE-2025-1750.json +++ b/2025/1xxx/CVE-2025-1750.json @@ -1,17 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1750", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@huntr.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "run-llama", + "product": { + "product_data": [ + { + "product_name": "run-llama/llama_index", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "0.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.com/bounties/e1302233-9180-4269-9047-1526247d2cd8", + "refsource": "MISC", + "name": "https://huntr.com/bounties/e1302233-9180-4269-9047-1526247d2cd8" + }, + { + "url": "https://github.com/run-llama/llama_index/commit/369a2942df2efcf6b74461c45d20a0af1fbe4ae2", + "refsource": "MISC", + "name": "https://github.com/run-llama/llama_index/commit/369a2942df2efcf6b74461c45d20a0af1fbe4ae2" + } + ] + }, + "source": { + "advisory": "e1302233-9180-4269-9047-1526247d2cd8", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2025/29xxx/CVE-2025-29785.json b/2025/29xxx/CVE-2025-29785.json index d1aa6213726..9bcbd6e0ec7 100644 --- a/2025/29xxx/CVE-2025-29785.json +++ b/2025/29xxx/CVE-2025-29785.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-29785", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses (thereby triggering the newly added path validation logic: the server sends path probe packets), and then sending ACKs for packets received from the server specifically crafted to trigger the nil-pointer dereference. v0.50.1 contains a patch that fixes the vulnerability. This release contains a test that generates random sequences of sent packets (both regular and path probe packets), that was used to verify that the patch actually covers all corner cases. No known workarounds are available." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248: Uncaught Exception", + "cweId": "CWE-248" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "quic-go", + "product": { + "product_data": [ + { + "product_name": "quic-go", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "= 0.50.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-j972-j939-p2v3", + "refsource": "MISC", + "name": "https://github.com/quic-go/quic-go/security/advisories/GHSA-j972-j939-p2v3" + }, + { + "url": "https://github.com/quic-go/quic-go/issues/4981", + "refsource": "MISC", + "name": "https://github.com/quic-go/quic-go/issues/4981" + }, + { + "url": "https://github.com/quic-go/quic-go/commit/b90058aba5f65f48e0e150c89bbaa21a72dda4de", + "refsource": "MISC", + "name": "https://github.com/quic-go/quic-go/commit/b90058aba5f65f48e0e150c89bbaa21a72dda4de" + } + ] + }, + "source": { + "advisory": "GHSA-j972-j939-p2v3", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2025/3xxx/CVE-2025-3260.json b/2025/3xxx/CVE-2025-3260.json index d7c898973dc..d2cc2bcb307 100644 --- a/2025/3xxx/CVE-2025-3260.json +++ b/2025/3xxx/CVE-2025-3260.json @@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3260", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@grafana.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1).\n\nImpact:\n\n- Viewers can view all dashboards/folders regardless of permissions\n\n- Editors can view/edit/delete all dashboards/folders regardless of permissions\n\n- Editors can create dashboards in any folder regardless of permissions\n\n- Anonymous users with viewer/editor roles are similarly affected\n\nOrganization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Grafana", + "product": { + "product_data": [ + { + "product_name": "Grafana", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "11.6.0", + "version_value": "11.6.1+security-01" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://grafana.com/security/security-advisories/CVE-2025-3260/", + "refsource": "MISC", + "name": "https://grafana.com/security/security-advisories/CVE-2025-3260/" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2025/3xxx/CVE-2025-3454.json b/2025/3xxx/CVE-2025-3454.json index 0377a212e7e..c4e7c707052 100644 --- a/2025/3xxx/CVE-2025-3454.json +++ b/2025/3xxx/CVE-2025-3454.json @@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3454", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@grafana.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path.\n\nUsers with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources.\n\nThe issue primarily affects datasources that implement route-specific permissions, including Alertmanager and certain Prometheus-based datasources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285", + "cweId": "CWE-285" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Grafana", + "product": { + "product_data": [ + { + "product_name": "Grafana", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "11.6.0", + "version_value": "11.6.0+security-01" + }, + { + "version_affected": "<", + "version_name": "11.5.0", + "version_value": "11.5.3+security-01" + }, + { + "version_affected": "<", + "version_name": "11.4.0", + "version_value": "11.4.3+security-01" + }, + { + "version_affected": "<", + "version_name": "11.3.0", + "version_value": "11.3.5+security-01" + }, + { + "version_affected": "<", + "version_name": "11.2.0", + "version_value": "11.2.8+security-01" + }, + { + "version_affected": "<", + "version_name": "10.4.0", + "version_value": "10.4.17+security-01" + } + ] + } + }, + { + "product_name": "Grafana Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "11.6.0", + "version_value": "11.6.0+security-01" + }, + { + "version_affected": "<", + "version_name": "11.5.0", + "version_value": "11.5.3+security-01" + }, + { + "version_affected": "<", + "version_name": "11.4.0", + "version_value": "11.4.3+security-01" + }, + { + "version_affected": "<", + "version_name": "11.3.0", + "version_value": "11.3.5+security-01" + }, + { + "version_affected": "<", + "version_name": "11.2.0", + "version_value": "11.2.8+security-01" + }, + { + "version_affected": "<", + "version_name": "10.4.0", + "version_value": "10.4.17+security-01" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://grafana.com/security/security-advisories/cve-2025-3454/", + "refsource": "MISC", + "name": "https://grafana.com/security/security-advisories/cve-2025-3454/" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/47xxx/CVE-2025-47272.json b/2025/47xxx/CVE-2025-47272.json index 7d25aaec31c..3c521b856a4 100644 --- a/2025/47xxx/CVE-2025-47272.json +++ b/2025/47xxx/CVE-2025-47272.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-47272", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could permanently delete the user\u2019s account without knowledge of the password. This bypass of re-authentication puts users at risk of account loss and data disruption. Version 1.1.0.3 contains a patch for the issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CE-PhoenixCart", + "product": { + "product_data": [ + { + "product_name": "PhoenixCart", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.0.9.7, < 1.1.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CE-PhoenixCart/PhoenixCart/security/advisories/GHSA-62qj-pvwm-h8cv", + "refsource": "MISC", + "name": "https://github.com/CE-PhoenixCart/PhoenixCart/security/advisories/GHSA-62qj-pvwm-h8cv" + }, + { + "url": "https://github.com/CE-PhoenixCart/PhoenixCart/commit/e87162b15d31c4126acfc1aad6108e5b9955bb76", + "refsource": "MISC", + "name": "https://github.com/CE-PhoenixCart/PhoenixCart/commit/e87162b15d31c4126acfc1aad6108e5b9955bb76" + } + ] + }, + "source": { + "advisory": "GHSA-62qj-pvwm-h8cv", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2025/49xxx/CVE-2025-49126.json b/2025/49xxx/CVE-2025-49126.json new file mode 100644 index 00000000000..4b0a336d37a --- /dev/null +++ b/2025/49xxx/CVE-2025-49126.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49126", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49127.json b/2025/49xxx/CVE-2025-49127.json new file mode 100644 index 00000000000..466411b2ff3 --- /dev/null +++ b/2025/49xxx/CVE-2025-49127.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49127", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49128.json b/2025/49xxx/CVE-2025-49128.json new file mode 100644 index 00000000000..67f88c3cb1f --- /dev/null +++ b/2025/49xxx/CVE-2025-49128.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49128", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49129.json b/2025/49xxx/CVE-2025-49129.json new file mode 100644 index 00000000000..c13818d3a96 --- /dev/null +++ b/2025/49xxx/CVE-2025-49129.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49129", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49130.json b/2025/49xxx/CVE-2025-49130.json new file mode 100644 index 00000000000..a1b5c87f27d --- /dev/null +++ b/2025/49xxx/CVE-2025-49130.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49130", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49131.json b/2025/49xxx/CVE-2025-49131.json new file mode 100644 index 00000000000..8d1388852c1 --- /dev/null +++ b/2025/49xxx/CVE-2025-49131.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49131", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49132.json b/2025/49xxx/CVE-2025-49132.json new file mode 100644 index 00000000000..33482ad6419 --- /dev/null +++ b/2025/49xxx/CVE-2025-49132.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49132", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49133.json b/2025/49xxx/CVE-2025-49133.json new file mode 100644 index 00000000000..8b8d43c7f6f --- /dev/null +++ b/2025/49xxx/CVE-2025-49133.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49133", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49134.json b/2025/49xxx/CVE-2025-49134.json new file mode 100644 index 00000000000..85732fc32e0 --- /dev/null +++ b/2025/49xxx/CVE-2025-49134.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49134", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49135.json b/2025/49xxx/CVE-2025-49135.json new file mode 100644 index 00000000000..1b74d4a949e --- /dev/null +++ b/2025/49xxx/CVE-2025-49135.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49135", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49136.json b/2025/49xxx/CVE-2025-49136.json new file mode 100644 index 00000000000..bea410f05c2 --- /dev/null +++ b/2025/49xxx/CVE-2025-49136.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49136", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49137.json b/2025/49xxx/CVE-2025-49137.json new file mode 100644 index 00000000000..a0658a2c65f --- /dev/null +++ b/2025/49xxx/CVE-2025-49137.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49137", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49138.json b/2025/49xxx/CVE-2025-49138.json new file mode 100644 index 00000000000..1a4cd7d5231 --- /dev/null +++ b/2025/49xxx/CVE-2025-49138.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49138", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49139.json b/2025/49xxx/CVE-2025-49139.json new file mode 100644 index 00000000000..23d71808a5b --- /dev/null +++ b/2025/49xxx/CVE-2025-49139.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49139", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49140.json b/2025/49xxx/CVE-2025-49140.json new file mode 100644 index 00000000000..0f6c9833e3d --- /dev/null +++ b/2025/49xxx/CVE-2025-49140.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49140", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49141.json b/2025/49xxx/CVE-2025-49141.json new file mode 100644 index 00000000000..bfdfa27821b --- /dev/null +++ b/2025/49xxx/CVE-2025-49141.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49141", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49142.json b/2025/49xxx/CVE-2025-49142.json new file mode 100644 index 00000000000..7b58bb05c93 --- /dev/null +++ b/2025/49xxx/CVE-2025-49142.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49142", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49143.json b/2025/49xxx/CVE-2025-49143.json new file mode 100644 index 00000000000..1f9bb349600 --- /dev/null +++ b/2025/49xxx/CVE-2025-49143.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49143", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49144.json b/2025/49xxx/CVE-2025-49144.json new file mode 100644 index 00000000000..42a5e1ecc1e --- /dev/null +++ b/2025/49xxx/CVE-2025-49144.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49144", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49145.json b/2025/49xxx/CVE-2025-49145.json new file mode 100644 index 00000000000..8850ebc8a9f --- /dev/null +++ b/2025/49xxx/CVE-2025-49145.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49145", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49146.json b/2025/49xxx/CVE-2025-49146.json new file mode 100644 index 00000000000..a19687509bc --- /dev/null +++ b/2025/49xxx/CVE-2025-49146.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49146", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49147.json b/2025/49xxx/CVE-2025-49147.json new file mode 100644 index 00000000000..efe82859c39 --- /dev/null +++ b/2025/49xxx/CVE-2025-49147.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49147", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49148.json b/2025/49xxx/CVE-2025-49148.json new file mode 100644 index 00000000000..e206be0c356 --- /dev/null +++ b/2025/49xxx/CVE-2025-49148.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49148", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49149.json b/2025/49xxx/CVE-2025-49149.json new file mode 100644 index 00000000000..de821fc7d8b --- /dev/null +++ b/2025/49xxx/CVE-2025-49149.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49149", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/49xxx/CVE-2025-49150.json b/2025/49xxx/CVE-2025-49150.json new file mode 100644 index 00000000000..5e264844f11 --- /dev/null +++ b/2025/49xxx/CVE-2025-49150.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-49150", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/5xxx/CVE-2025-5440.json b/2025/5xxx/CVE-2025-5440.json index a8b094589b8..e79cb136a84 100644 --- a/2025/5xxx/CVE-2025-5440.json +++ b/2025/5xxx/CVE-2025-5440.json @@ -1,17 +1,274 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-5440", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion NTP der Datei /goform/NTP. Durch das Manipulieren des Arguments manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection", + "cweId": "CWE-78" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Command Injection", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linksys", + "product": { + "product_data": [ + { + "product_name": "RE6500", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.013.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.002" + }, + { + "version_affected": "=", + "version_value": "1.1.05.003" + }, + { + "version_affected": "=", + "version_value": "1.2.07.001" + } + ] + } + }, + { + "product_name": "RE6250", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.013.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.002" + }, + { + "version_affected": "=", + "version_value": "1.1.05.003" + }, + { + "version_affected": "=", + "version_value": "1.2.07.001" + } + ] + } + }, + { + "product_name": "RE6300", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.013.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.002" + }, + { + "version_affected": "=", + "version_value": "1.1.05.003" + }, + { + "version_affected": "=", + "version_value": "1.2.07.001" + } + ] + } + }, + { + "product_name": "RE6350", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.013.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.002" + }, + { + "version_affected": "=", + "version_value": "1.1.05.003" + }, + { + "version_affected": "=", + "version_value": "1.2.07.001" + } + ] + } + }, + { + "product_name": "RE7000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.013.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.002" + }, + { + "version_affected": "=", + "version_value": "1.1.05.003" + }, + { + "version_affected": "=", + "version_value": "1.2.07.001" + } + ] + } + }, + { + "product_name": "RE9000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.013.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.002" + }, + { + "version_affected": "=", + "version_value": "1.1.05.003" + }, + { + "version_affected": "=", + "version_value": "1.2.07.001" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.310779", + "refsource": "MISC", + "name": "https://vuldb.com/?id.310779" + }, + { + "url": "https://vuldb.com/?ctiid.310779", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.310779" + }, + { + "url": "https://vuldb.com/?submit.584362", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.584362" + }, + { + "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_3/3.md", + "refsource": "MISC", + "name": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_3/3.md" + }, + { + "url": "https://www.linksys.com/", + "refsource": "MISC", + "name": "https://www.linksys.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "pjqwudi (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/5xxx/CVE-2025-5441.json b/2025/5xxx/CVE-2025-5441.json index 94ffc9c7fd7..2c87e6416c4 100644 --- a/2025/5xxx/CVE-2025-5441.json +++ b/2025/5xxx/CVE-2025-5441.json @@ -1,17 +1,274 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-5441", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um die Funktion setDeviceURL der Datei /goform/setDeviceURL. Durch Manipulieren des Arguments DeviceURL mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection", + "cweId": "CWE-78" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Command Injection", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linksys", + "product": { + "product_data": [ + { + "product_name": "RE6500", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.013.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.002" + }, + { + "version_affected": "=", + "version_value": "1.1.05.003" + }, + { + "version_affected": "=", + "version_value": "1.2.07.001" + } + ] + } + }, + { + "product_name": "RE6250", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.013.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.002" + }, + { + "version_affected": "=", + "version_value": "1.1.05.003" + }, + { + "version_affected": "=", + "version_value": "1.2.07.001" + } + ] + } + }, + { + "product_name": "RE6300", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.013.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.002" + }, + { + "version_affected": "=", + "version_value": "1.1.05.003" + }, + { + "version_affected": "=", + "version_value": "1.2.07.001" + } + ] + } + }, + { + "product_name": "RE6350", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.013.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.002" + }, + { + "version_affected": "=", + "version_value": "1.1.05.003" + }, + { + "version_affected": "=", + "version_value": "1.2.07.001" + } + ] + } + }, + { + "product_name": "RE7000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.013.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.002" + }, + { + "version_affected": "=", + "version_value": "1.1.05.003" + }, + { + "version_affected": "=", + "version_value": "1.2.07.001" + } + ] + } + }, + { + "product_name": "RE9000", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.013.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.001" + }, + { + "version_affected": "=", + "version_value": "1.0.04.002" + }, + { + "version_affected": "=", + "version_value": "1.1.05.003" + }, + { + "version_affected": "=", + "version_value": "1.2.07.001" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.310780", + "refsource": "MISC", + "name": "https://vuldb.com/?id.310780" + }, + { + "url": "https://vuldb.com/?ctiid.310780", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.310780" + }, + { + "url": "https://vuldb.com/?submit.584363", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.584363" + }, + { + "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_4/4.md", + "refsource": "MISC", + "name": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_4/4.md" + }, + { + "url": "https://www.linksys.com/", + "refsource": "MISC", + "name": "https://www.linksys.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "pjqwudi (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/5xxx/CVE-2025-5461.json b/2025/5xxx/CVE-2025-5461.json new file mode 100644 index 00000000000..774274ff0cb --- /dev/null +++ b/2025/5xxx/CVE-2025-5461.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-5461", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/5xxx/CVE-2025-5462.json b/2025/5xxx/CVE-2025-5462.json new file mode 100644 index 00000000000..8f4eda491d0 --- /dev/null +++ b/2025/5xxx/CVE-2025-5462.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-5462", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/5xxx/CVE-2025-5463.json b/2025/5xxx/CVE-2025-5463.json new file mode 100644 index 00000000000..995f95c5cab --- /dev/null +++ b/2025/5xxx/CVE-2025-5463.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-5463", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file