diff --git a/CVE-2025/CVE-2025-323xx/CVE-2025-32366.json b/CVE-2025/CVE-2025-323xx/CVE-2025-32366.json index f2cd0daf36f..8cf59033910 100644 --- a/CVE-2025/CVE-2025-323xx/CVE-2025-32366.json +++ b/CVE-2025/CVE-2025-323xx/CVE-2025-32366.json @@ -2,7 +2,7 @@ "id": "CVE-2025-32366", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-05T23:15:40.910", - "lastModified": "2025-04-05T23:15:40.910", + "lastModified": "2025-04-06T00:15:18.980", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.7, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-130" + } + ] + } + ], "references": [ { "url": "https://web.git.kernel.org/pub/scm/network/connman/connman.git/tree/src/dnsproxy.c?h=1.44#n1001", diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3306.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3306.json new file mode 100644 index 00000000000..7815e83a52f --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3306.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-3306", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-06T01:15:40.663", + "lastModified": "2025-04-06T01:15:40.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /don.php. The manipulation of the argument fullname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/p1026/CVE/issues/22", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303503", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303503", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.550190", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 3ede1786a69..f37f09826c1 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-05T23:55:33.560375+00:00 +2025-04-06T02:00:19.546304+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-05T23:15:41.780000+00:00 +2025-04-06T01:15:40.663000+00:00 ``` ### Last Data Feed Release @@ -33,24 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -288704 +288705 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `1` -- [CVE-2025-32364](CVE-2025/CVE-2025-323xx/CVE-2025-32364.json) (`2025-04-05T22:15:18.337`) -- [CVE-2025-32365](CVE-2025/CVE-2025-323xx/CVE-2025-32365.json) (`2025-04-05T22:15:19.010`) -- [CVE-2025-32366](CVE-2025/CVE-2025-323xx/CVE-2025-32366.json) (`2025-04-05T23:15:40.910`) -- [CVE-2025-3304](CVE-2025/CVE-2025-33xx/CVE-2025-3304.json) (`2025-04-05T22:15:19.203`) -- [CVE-2025-3305](CVE-2025/CVE-2025-33xx/CVE-2025-3305.json) (`2025-04-05T23:15:41.780`) +- [CVE-2025-3306](CVE-2025/CVE-2025-33xx/CVE-2025-3306.json) (`2025-04-06T01:15:40.663`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2025-32366](CVE-2025/CVE-2025-323xx/CVE-2025-32366.json) (`2025-04-06T00:15:18.980`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 49024a28e05..2137547ee31 100644 --- a/_state.csv +++ b/_state.csv @@ -288669,9 +288669,9 @@ CVE-2025-32358,0,0,67f5b1d9deade3a8e2f00fa4d4b975cbdf610a67d2a521e969fe3583fb55c CVE-2025-32359,0,0,6187ae8290a450bd8a82a6b72c5b30b3aadac60db493fd3c72b75d8db5408564,2025-04-05T21:15:40.657000 CVE-2025-3236,0,0,5d4e067380b83b38fff7db048531cbbf8dd6b43b2fc6d26b5d090f351b090b28,2025-04-04T10:15:17.177000 CVE-2025-32360,0,0,0e74289220e4b285c0e8748f3e1650706d339f80b6d12512f31f5c70a948d5d7,2025-04-05T21:15:40.820000 -CVE-2025-32364,1,1,cfb2ebfabb62fc4b801fb2bf95fe1940970bfddc2ea9963730d3ab7bd79a8124,2025-04-05T22:15:18.337000 -CVE-2025-32365,1,1,26d24ab60b153da5a84d5f59bd2fd2acbadd4a9a5ca08171ad2b1fd85144179a,2025-04-05T22:15:19.010000 -CVE-2025-32366,1,1,7214d5101cd1a18f739f2f17b01915998422c7d40bdd6025a46a4b262374c696,2025-04-05T23:15:40.910000 +CVE-2025-32364,0,0,cfb2ebfabb62fc4b801fb2bf95fe1940970bfddc2ea9963730d3ab7bd79a8124,2025-04-05T22:15:18.337000 +CVE-2025-32365,0,0,26d24ab60b153da5a84d5f59bd2fd2acbadd4a9a5ca08171ad2b1fd85144179a,2025-04-05T22:15:19.010000 +CVE-2025-32366,0,1,55ed558c8590729fba4d42dd8e9fca74dbbfd7a7c513816303bb4016f69cddc5,2025-04-06T00:15:18.980000 CVE-2025-3237,0,0,2b0634913d301c0209a0690fb90ddcaa8b200550805a1d4ec2db149b30fd4af2,2025-04-04T10:15:17.383000 CVE-2025-3238,0,0,49b7638c423114327b5e6867f71919ab552663d9bb2b5517ae05eef59b2968e0,2025-04-04T10:15:17.577000 CVE-2025-3239,0,0,a890b57275ecd0351eb57a0ff486b7b7ddc21d7a21c77a8b45094fdc21902b92,2025-04-04T11:15:40.393000 @@ -288701,5 +288701,6 @@ CVE-2025-3297,0,0,9d657205cb1e1fa121cd9d46f1e89f67c4e384343683d67c9067920e028e61 CVE-2025-3298,0,0,f489b37e862b9985c9c03fe106e95e8b15c160be3e8c5296a92578b4574edfe4,2025-04-05T11:15:40.917000 CVE-2025-3299,0,0,bddd729a6927cb255675ce738cd015969a7cc6b02a8cfe6feb6b634f6ef818b7,2025-04-05T11:15:41.180000 CVE-2025-3303,0,0,6221e6ee3090234e52eafd095ff7bb4444c418778b5f3445b7a8782971faacf3,2025-04-05T21:15:40.990000 -CVE-2025-3304,1,1,29a38ac7df74814842edc977ed145111a95ed8ef942f514c967d6026c5a64b93,2025-04-05T22:15:19.203000 -CVE-2025-3305,1,1,b2c90129fe183fd0375eb40e77713311a1f1af30e665ffd707316b1c76fdc5b4,2025-04-05T23:15:41.780000 +CVE-2025-3304,0,0,29a38ac7df74814842edc977ed145111a95ed8ef942f514c967d6026c5a64b93,2025-04-05T22:15:19.203000 +CVE-2025-3305,0,0,b2c90129fe183fd0375eb40e77713311a1f1af30e665ffd707316b1c76fdc5b4,2025-04-05T23:15:41.780000 +CVE-2025-3306,1,1,8af2b5a7c28d3e6ac3e8cb07eb340dc6f7805a9ee07cb14217b9df657d2f2410,2025-04-06T01:15:40.663000