From fa6abcaabb7b47b9de1568de9cc8d32b8497d4b6 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 6 May 2025 12:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2025/0xxx/CVE-2025-0984.json | 103 +++++++++++++++++++++++++++++--
 2025/4xxx/CVE-2025-4348.json | 114 +++++++++++++++++++++++++++++++++--
 2025/4xxx/CVE-2025-4349.json | 114 +++++++++++++++++++++++++++++++++--
 2025/4xxx/CVE-2025-4350.json | 114 +++++++++++++++++++++++++++++++++--
 4 files changed, 429 insertions(+), 16 deletions(-)
diff --git a/2025/0xxx/CVE-2025-0984.json b/2025/0xxx/CVE-2025-0984.json
index 91382270f97..5ec2614c215 100644
--- a/2025/0xxx/CVE-2025-0984.json
+++ b/2025/0xxx/CVE-2025-0984.json
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0984", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@usom.gov.tr", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection.This issue affects E-Flow: before 3.23.00." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Netoloji Software", + "product": { + "product_data": [ + { + "product_name": "E-Flow", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.23.00" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://netoloji.com/yazilim-surum-notlari/", + "refsource": "MISC", + "name": "https://netoloji.com/yazilim-surum-notlari/" + }, + { + "url": "https://www.usom.gov.tr/bildirim/tr-25-0102", + "refsource": "MISC", + "name": "https://www.usom.gov.tr/bildirim/tr-25-0102" + } + ] + }, + "generator": { + "engine": "Vulnogram 
0.2.0" + }, + "source": { + "advisory": "TR-25-0102", + "defect": [ + "TR-25-0102" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Ali KAZAR" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L", + "version": "3.1" } ] } diff --git a/2025/4xxx/CVE-2025-4348.json b/2025/4xxx/CVE-2025-4348.json index 0b304093053..0d002e18ca7 100644 --- a/2025/4xxx/CVE-2025-4348.json +++ b/2025/4xxx/CVE-2025-4348.json 
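Review bot: The new English description in CVE-2025-0984 runs two sentences together at `File Content Injection.This issue affects E-Flow: before 3.23.00.`; a space after the full stop (`File Content Injection. This issue affects E-Flow: before 3.23.00.`) keeps downstream sentence splitting and affected-version extraction from fusing the impact list with the version statement. The record also files two distinct weaknesses (CWE-434 and CWE-79) under a single CVSS vector, and the text does not say which of them the `PR:L` and `UI:R` metrics describe, so triage should not assume the file-upload path needs user interaction. In `credits`, `"lang": "en"` differs from the `"lang": "eng"` used in `description_data` and `problemtype_data`; this looks like generator output, but a consumer filtering on one language code will miss the other.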
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4348", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been rated as critical. Affected by this issue is the function formSetWanL2TP. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED ** Eine kritische Schwachstelle wurde in D-Link DIR-600L bis 2.07B01 ausgemacht. Es geht hierbei um die Funktion formSetWanL2TP. Mittels dem Manipulieren des Arguments host mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow", + "cweId": "CWE-120" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "D-Link", + "product": { + "product_data": [ + { + "product_name": "DIR-600L", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.07B01" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.307466", + "refsource": "MISC", + "name": "https://vuldb.com/?id.307466" + }, + { + "url": "https://vuldb.com/?ctiid.307466", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.307466" + }, + { + "url": "https://vuldb.com/?submit.558301", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.558301" + }, + { + "url": "https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir600l/Buffer_ovrflow-formSetWanL2TP-curTime/README.md", + "refsource": "MISC", + "name": "https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir600l/Buffer_ovrflow-formSetWanL2TP-curTime/README.md" + }, + { + "url": "https://www.dlink.com/", + "refsource": "MISC", + "name": "https://www.dlink.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "B1Nn (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2025/4xxx/CVE-2025-4349.json b/2025/4xxx/CVE-2025-4349.json index 34d37211168..331c77ba8a3 100644 --- a/2025/4xxx/CVE-2025-4349.json 
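Review bot: The descriptions added for CVE-2025-4348 name `host` as the manipulated argument, and so do those in the CVE-2025-4349 and CVE-2025-4350 hunks, while the referenced write-up paths end in `formSetWanL2TP-curTime`, `formSysCmd-sysCmd` and `wake_on_lan-mac`. Judging from the URLs alone, the parameter seems to differ per function, so detection and triage content is better keyed on the function names and checked against the references than on `host`. All three records spell the status tag `** UNSUPPPORTED WHEN ASSIGNED **` with three Ps; the value should begin `** UNSUPPORTED WHEN ASSIGNED **`, otherwise a literal match on the standard tag misses that the product is no longer supported by the maintainer. `version_data` gives `"version_affected": "="` with `"version_value": "2.07B01"` although the text says "up to 2.07B01", so matching on the structured field alone under-reports earlier firmware.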
+++ b/2025/4xxx/CVE-2025-4349.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4349", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED ** Es wurde eine Schwachstelle in D-Link DIR-600L bis 2.07B01 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion formSysCmd. Mittels Manipulieren des Arguments host mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection", + "cweId": "CWE-77" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "D-Link", + "product": { + "product_data": [ + { + "product_name": "DIR-600L", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.07B01" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.307467", + "refsource": "MISC", + "name": "https://vuldb.com/?id.307467" + }, + { + "url": "https://vuldb.com/?ctiid.307467", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.307467" + }, + { + "url": "https://vuldb.com/?submit.558302", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.558302" + }, + { + "url": "https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir600l/Command_injection-formSysCmd-sysCmd/README.md", + "refsource": "MISC", + "name": "https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir600l/Command_injection-formSysCmd-sysCmd/README.md" + }, + { + "url": "https://www.dlink.com/", + "refsource": "MISC", + "name": "https://www.dlink.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "B1Nn (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2025/4xxx/CVE-2025-4350.json b/2025/4xxx/CVE-2025-4350.json index 9d4609dd6de..eca68fc719a 100644 --- a/2025/4xxx/CVE-2025-4350.json +++ b/2025/4xxx/CVE-2025-4350.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4350", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wake_on_lan. The manipulation of the argument host leads to command injection. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED ** In D-Link DIR-600L bis 2.07B01 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion wake_on_lan. Durch das Manipulieren des Arguments host mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection", + "cweId": "CWE-77" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "D-Link", + "product": { + "product_data": [ + { + "product_name": "DIR-600L", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.07B01" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.307468", + "refsource": "MISC", + "name": "https://vuldb.com/?id.307468" + }, + { + "url": "https://vuldb.com/?ctiid.307468", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.307468" + }, + { + "url": "https://vuldb.com/?submit.558303", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.558303" + }, + { + "url": "https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir600l/Command_injection-wake_on_lan-mac/README.md", + "refsource": "MISC", + "name": "https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir600l/Command_injection-wake_on_lan-mac/README.md" + }, + { + "url": "https://www.dlink.com/", + "refsource": "MISC", + "name": "https://www.dlink.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "B1Nn (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] }