Auto-Update: 2025-04-29T20:00:20.035203+00:00

cad-safe-bot 2025-04-29 20:03:54 +00:00
parent cead4a43f7
commit 22b5be4621
81 changed files with 5925 additions and 650 deletions


@ -2,8 +2,8 @@
"id": "CVE-2020-36789", "id": "CVE-2020-36789",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-17T18:15:42.743", "published": "2025-04-17T18:15:42.743",
"lastModified": "2025-04-17T20:21:05.203", "lastModified": "2025-04-29T18:55:11.223",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,35 +15,155 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: dev: can_get_echo_skb(): evitar la llamada a kfree_skb() en el contexto de IRQ duro Si un controlador llama a can_get_echo_skb() durante un IRQ de hardware (que es a menudo, pero no siempre, el caso), el 'WARN_ON(in_irq)' en net/core/skbuff.c#skb_release_head_state() podr\u00eda activarse, en circunstancias de congesti\u00f3n de la red, junto con el riesgo potencial de una desreferencia de puntero NULL. La causa ra\u00edz de este problema es la llamada a kfree_skb() en lugar de dev_kfree_skb_irq() en net/core/dev.c#enqueue_to_backlog(). Este parche evita que el skb se libere dentro de la llamada a netif_rx() incrementando su contador de referencias con skb_get(). El skb se libera finalmente mediante una de las funciones seguras en contexto IRQ: dev_consume_skb_any() o dev_kfree_skb_any(). Se utiliza la versi\u00f3n \"any\" porque algunos controladores podr\u00edan llamar a can_get_echo_skb() en un contexto normal. Este problema se debe a que, inicialmente, en la pila de red principal, no se esperaba que los skb de bucle invertido se recibieran en el contexto IRQ de hardware. La pila CAN es una excepci\u00f3n. Este error se report\u00f3 previamente en 2017 en [1], pero el parche propuesto nunca fue aceptado. Si bien [1] modifica directamente net/core/dev.c, aqu\u00ed intentamos proponer una modificaci\u00f3n m\u00e1s fluida local en la pila de red CAN (suponiendo que solo los dispositivos CAN se ven afectados por este problema). 
[1] http://lore.kernel.org/r/57a3ffb6-3309-3ad5-5a34-e93c3fe3614d@cetitec.com" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: dev: can_get_echo_skb(): evitar la llamada a kfree_skb() en el contexto de IRQ duro Si un controlador llama a can_get_echo_skb() durante un IRQ de hardware (que es a menudo, pero no siempre, el caso), el 'WARN_ON(in_irq)' en net/core/skbuff.c#skb_release_head_state() podr\u00eda activarse, en circunstancias de congesti\u00f3n de la red, junto con el riesgo potencial de una desreferencia de puntero NULL. La causa ra\u00edz de este problema es la llamada a kfree_skb() en lugar de dev_kfree_skb_irq() en net/core/dev.c#enqueue_to_backlog(). Este parche evita que el skb se libere dentro de la llamada a netif_rx() incrementando su contador de referencias con skb_get(). El skb se libera finalmente mediante una de las funciones seguras en contexto IRQ: dev_consume_skb_any() o dev_kfree_skb_any(). Se utiliza la versi\u00f3n \"any\" porque algunos controladores podr\u00edan llamar a can_get_echo_skb() en un contexto normal. Este problema se debe a que, inicialmente, en la pila de red principal, no se esperaba que los skb de bucle invertido se recibieran en el contexto IRQ de hardware. La pila CAN es una excepci\u00f3n. Este error se report\u00f3 previamente en 2017 en [1], pero el parche propuesto nunca fue aceptado. Si bien [1] modifica directamente net/core/dev.c, aqu\u00ed intentamos proponer una modificaci\u00f3n m\u00e1s fluida local en la pila de red CAN (suponiendo que solo los dispositivos CAN se ven afectados por este problema). [1] http://lore.kernel.org/r/57a3ffb6-3309-3ad5-5a34-e93c3fe3614d@cetitec.com"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.31",
"versionEndExcluding": "4.4.244",
"matchCriteriaId": "BCE79E39-47AC-4822-993E-020CB01414EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.9.244",
"matchCriteriaId": "5DA13F99-FB5C-48E2-89F8-771B5DA2F0D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.207",
"matchCriteriaId": "DD9E0DA2-567F-4DF2-9A1E-5D22A91FA245"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.158",
"matchCriteriaId": "3DABF800-EF14-41DA-B3D6-4B5DBF148443"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.78",
"matchCriteriaId": "DFFC67F2-DDE1-4CA5-A075-32865562DF37"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.9.9",
"matchCriteriaId": "8FC7AE04-F63B-4317-8485-E44A13A4CFCC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DD7EB1D-064C-4DB9-AD34-D8EF78312C17"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "12505363-342C-4333-98C0-41F031024348"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/2283f79b22684d2812e5c76fc2280aae00390365", "url": "https://git.kernel.org/stable/c/2283f79b22684d2812e5c76fc2280aae00390365",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/248b71ce92d4f3a574b2537f9838f48e892618f4", "url": "https://git.kernel.org/stable/c/248b71ce92d4f3a574b2537f9838f48e892618f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3a922a85701939624484e7f2fd07d32beed00d25", "url": "https://git.kernel.org/stable/c/3a922a85701939624484e7f2fd07d32beed00d25",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/451187b20431924d13fcfecc500d7cd2d9951bac", "url": "https://git.kernel.org/stable/c/451187b20431924d13fcfecc500d7cd2d9951bac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/7e4cf2ec0ca236c3e5f904239cec6efe1f3baf22", "url": "https://git.kernel.org/stable/c/7e4cf2ec0ca236c3e5f904239cec6efe1f3baf22",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/87530b557affe01c764de32dbeb58cdf47234574", "url": "https://git.kernel.org/stable/c/87530b557affe01c764de32dbeb58cdf47234574",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ab46748bf98864f9c3f5559060bf8caf9df2b41e", "url": "https://git.kernel.org/stable/c/ab46748bf98864f9c3f5559060bf8caf9df2b41e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2021-47221", "id": "CVE-2021-47221",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:11.380", "published": "2024-05-21T15:15:11.380",
"lastModified": "2024-11-21T06:35:39.267", "lastModified": "2025-04-29T19:07:02.250",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,140 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm/slub: en realidad corrige el puntero de lista libre frente a redzoning. Resulta que SLUB redzoning (\"slub_debug=Z\") verifica desde s->object_size en lugar de s->inuse (que normalmente se elimina para dejar espacio para el puntero de lista libre), por lo que un cach\u00e9 creado con un tama\u00f1o de objeto menor a 24 tendr\u00eda el puntero de lista libre escrito m\u00e1s all\u00e1 de s->object_size, causando que el puntero de lista libre corrompa la zona roja. Esto fue muy visible con \"slub_debug=ZF\": prueba de BUG(contaminada: GB): zona roja derecha sobrescrita ---------------------------- ------------------------------------------------- INFORMACI\u00d3N : 0xffff957ead1c05de-0xffff957ead1c05df @offset=1502. Primer byte 0x1a en lugar de 0xbb INFORMACI\u00d3N: slab 0xffffef3950b47000 objetos=170 usados=170 fp=0x0000000000000000 banderas=0x80000000000000200 INFORMACI\u00d3N: Objeto 0xffff957ead1c05d8 @offset=1496 fp=0xffff9 57ead1c0620 Zona roja (____ptrval____): bb bb bb bb bb bb bb bb .... .... Objeto (____ptrval____): 00 00 00 00 00 f6 f4 a5 ........ Redzone (____ptrval____): 40 1d e8 1a aa @.... Relleno (____ptrval____): 00 00 00 00 00 00 00 00 ........ Ajuste el desplazamiento para permanecer dentro de s->object_size. (Tenga en cuenta que actualmente no se sabe que existan cach\u00e9s de este rango de tama\u00f1o en el kernel)." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm/slub: en realidad corrige el puntero de lista libre frente a redzoning. Resulta que SLUB redzoning (\"slub_debug=Z\") verifica desde s->object_size en lugar de s->inuse (que normalmente se elimina para dejar espacio para el puntero de lista libre), por lo que un cach\u00e9 creado con un tama\u00f1o de objeto menor a 24 tendr\u00eda el puntero de lista libre escrito m\u00e1s all\u00e1 de s->object_size, causando que el puntero de lista libre corrompa la zona roja. 
Esto fue muy visible con \"slub_debug=ZF\": prueba de BUG(contaminada: GB): zona roja derecha sobrescrita ---------------------------- ------------------------------------------------- INFORMACI\u00d3N : 0xffff957ead1c05de-0xffff957ead1c05df @offset=1502. Primer byte 0x1a en lugar de 0xbb INFORMACI\u00d3N: slab 0xffffef3950b47000 objetos=170 usados=170 fp=0x0000000000000000 banderas=0x80000000000000200 INFORMACI\u00d3N: Objeto 0xffff957ead1c05d8 @offset=1496 fp=0xffff9 57ead1c0620 Zona roja (____ptrval____): bb bb bb bb bb bb bb bb .... .... Objeto (____ptrval____): 00 00 00 00 00 f6 f4 a5 ........ Redzone (____ptrval____): 40 1d e8 1a aa @.... Relleno (____ptrval____): 00 00 00 00 00 00 00 00 ........ Ajuste el desplazamiento para permanecer dentro de s->object_size. (Tenga en cuenta que actualmente no se sabe que existan cach\u00e9s de este rango de tama\u00f1o en el kernel)."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-763"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7",
"versionEndExcluding": "5.10.46",
"matchCriteriaId": "366D4F8F-9C74-4363-B945-AE477F73A08A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.12.13",
"matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/ce6e8bee7a3883e8008b30f5887dbb426aac6a35", "url": "https://git.kernel.org/stable/c/ce6e8bee7a3883e8008b30f5887dbb426aac6a35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/e41a49fadbc80b60b48d3c095d9e2ee7ef7c9a8e", "url": "https://git.kernel.org/stable/c/e41a49fadbc80b60b48d3c095d9e2ee7ef7c9a8e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/f6ed2357541612a13a5841b3af4dc32ed984a25f", "url": "https://git.kernel.org/stable/c/f6ed2357541612a13a5841b3af4dc32ed984a25f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ce6e8bee7a3883e8008b30f5887dbb426aac6a35", "url": "https://git.kernel.org/stable/c/ce6e8bee7a3883e8008b30f5887dbb426aac6a35",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/e41a49fadbc80b60b48d3c095d9e2ee7ef7c9a8e", "url": "https://git.kernel.org/stable/c/e41a49fadbc80b60b48d3c095d9e2ee7ef7c9a8e",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/f6ed2357541612a13a5841b3af4dc32ed984a25f", "url": "https://git.kernel.org/stable/c/f6ed2357541612a13a5841b3af4dc32ed984a25f",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2021-47222", "id": "CVE-2021-47222",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:11.453", "published": "2024-05-21T15:15:11.453",
"lastModified": "2024-11-21T06:35:39.383", "lastModified": "2025-04-29T19:13:04.043",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,55 +15,203 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: bridge: corrige el refcnt dst del t\u00fanel vlan al salir El c\u00f3digo del t\u00fanel de salida usa dst_clone() y establece directamente el resultado que es incorrecto porque la entrada puede tener 0 refcnt o ya estar eliminada , causando varios problemas. Tambi\u00e9n activa WARN_ON() en dst_hold()[1] cuando no se puede tomar una referencia. Solucionelo usando dst_hold_safe() y verificando si realmente se tom\u00f3 una referencia antes de configurar el dst. [1] Registro dmesg WARN_ON y siguientes errores de referencia ADVERTENCIA: CPU: 5 PID: 38 en include/net/dst.h:230 br_handle_egress_vlan_tunnel+0x10b/0x134 [puente] M\u00f3dulos vinculados en: 8021q garp mrp bridge stp llc bonding ipv6 virtio_net CPU : 5 PID: 38 Comm: ksoftirqd/5 Kdump: cargado Contaminado: GW 5.13.0-rc3+ #360 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 01/04/2014 RIP: 0010:br_handle_egress_vlan_tunnel+0x10b/0x134 [puente] C\u00f3digo: e8 85 bc 01 e1 45 84 f6 74 90 45 31 f6 85 db 48 c7 c7 a0 02 19 a0 41 0f 94 c6 31 c9 31 d2 44 f6 e8 64 a.C. 01 e1 85 db 75 02 <0f> 0b 31 c9 31 d2 44 89 f6 48 c7 c7 70 02 19 a0 e8 4b bc 01 e1 49 RSP: 0018:ffff8881003d39e8 EFLAGS: 00010246 RAX: 00000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffffa01902a0 RBP: ffff8881040c6700 R08: 0000000000000000 R09: 00000000000000001 R10: 2ce93d0054fe0d00 R11: d00000e0000 R12: ffff888109515000 R13: 0000000000000000 R14: 0000000000000001 R15: 00000000000000401 FS: 0000000000000000(0000) 8822bf40000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f42ba70f030 CR3: 0000000109926000 CR4: 00000000000006e0 Seguimiento de llamadas: br_handle_vlan+0xbc/0xca [puente] _forward+0x23/0x164 [puente] delivery_clone+0x41/0x48 [puente] br_handle_frame_finish+0x36f/ 0x3aa [puente] ? skb_dst+0x2e/0x38 [puente]? 
br_handle_ingress_vlan_tunnel+0x3e/0x1c8 [puente]? br_handle_frame_finish+0x3aa/0x3aa [puente] br_handle_frame+0x2c3/0x377 [puente]? __skb_pull+0x33/0x51? vlan_do_receive+0x4f/0x36a? br_handle_frame_finish+0x3aa/0x3aa [puente] __netif_receive_skb_core+0x539/0x7c6? __list_del_entry_valid+0x16e/0x1c2 __netif_receive_skb_list_core+0x6d/0xd6 netif_receive_skb_list_internal+0x1d9/0x1fa gro_normal_list+0x22/0x3e dev_gro_receive+0x55b/0x600 ? detach_buf_split+0x58/0x140 napi_gro_receive+0x94/0x12e virtnet_poll+0x15d/0x315 [virtio_net] __napi_poll+0x2c/0x1c9 net_rx_action+0xe6/0x1fb __do_softirq+0x115/0x2d8 run_ksoftirq d+0x18/0x20 smpboot_thread_fn+0x183/0x19c ? smpboot_unregister_percpu_thread+0x66/0x66 kthread+0x10a/0x10f? kthread_mod_delayed_work+0xb6/0xb6 ret_from_fork+0x22/0x30 ---[ end trace 49f61b07f775fd2b ]--- dst_release: dst:00000000c02d677a refcnt:-1 dst_release underflow" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: bridge: corrige el refcnt dst del t\u00fanel vlan al salir El c\u00f3digo del t\u00fanel de salida usa dst_clone() y establece directamente el resultado que es incorrecto porque la entrada puede tener 0 refcnt o ya estar eliminada , causando varios problemas. Tambi\u00e9n activa WARN_ON() en dst_hold()[1] cuando no se puede tomar una referencia. Solucionelo usando dst_hold_safe() y verificando si realmente se tom\u00f3 una referencia antes de configurar el dst. 
[1] Registro dmesg WARN_ON y siguientes errores de referencia ADVERTENCIA: CPU: 5 PID: 38 en include/net/dst.h:230 br_handle_egress_vlan_tunnel+0x10b/0x134 [puente] M\u00f3dulos vinculados en: 8021q garp mrp bridge stp llc bonding ipv6 virtio_net CPU : 5 PID: 38 Comm: ksoftirqd/5 Kdump: cargado Contaminado: GW 5.13.0-rc3+ #360 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 01/04/2014 RIP: 0010:br_handle_egress_vlan_tunnel+0x10b/0x134 [puente] C\u00f3digo: e8 85 bc 01 e1 45 84 f6 74 90 45 31 f6 85 db 48 c7 c7 a0 02 19 a0 41 0f 94 c6 31 c9 31 d2 44 f6 e8 64 a.C. 01 e1 85 db 75 02 <0f> 0b 31 c9 31 d2 44 89 f6 48 c7 c7 70 02 19 a0 e8 4b bc 01 e1 49 RSP: 0018:ffff8881003d39e8 EFLAGS: 00010246 RAX: 00000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffffa01902a0 RBP: ffff8881040c6700 R08: 0000000000000000 R09: 00000000000000001 R10: 2ce93d0054fe0d00 R11: d00000e0000 R12: ffff888109515000 R13: 0000000000000000 R14: 0000000000000001 R15: 00000000000000401 FS: 0000000000000000(0000) 8822bf40000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f42ba70f030 CR3: 0000000109926000 CR4: 00000000000006e0 Seguimiento de llamadas: br_handle_vlan+0xbc/0xca [puente] _forward+0x23/0x164 [puente] delivery_clone+0x41/0x48 [puente] br_handle_frame_finish+0x36f/ 0x3aa [puente] ? skb_dst+0x2e/0x38 [puente]? br_handle_ingress_vlan_tunnel+0x3e/0x1c8 [puente]? br_handle_frame_finish+0x3aa/0x3aa [puente] br_handle_frame+0x2c3/0x377 [puente]? __skb_pull+0x33/0x51? vlan_do_receive+0x4f/0x36a? br_handle_frame_finish+0x3aa/0x3aa [puente] __netif_receive_skb_core+0x539/0x7c6? __list_del_entry_valid+0x16e/0x1c2 __netif_receive_skb_list_core+0x6d/0xd6 netif_receive_skb_list_internal+0x1d9/0x1fa gro_normal_list+0x22/0x3e dev_gro_receive+0x55b/0x600 ? 
detach_buf_split+0x58/0x140 napi_gro_receive+0x94/0x12e virtnet_poll+0x15d/0x315 [virtio_net] __napi_poll+0x2c/0x1c9 net_rx_action+0xe6/0x1fb __do_softirq+0x115/0x2d8 run_ksoftirq d+0x18/0x20 smpboot_thread_fn+0x183/0x19c ? smpboot_unregister_percpu_thread+0x66/0x66 kthread+0x10a/0x10f? kthread_mod_delayed_work+0xb6/0xb6 ret_from_fork+0x22/0x30 ---[ end trace 49f61b07f775fd2b ]--- dst_release: dst:00000000c02d677a refcnt:-1 dst_release underflow"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.11",
"versionEndExcluding": "4.14.238",
"matchCriteriaId": "32B54D58-21AF-4B0B-B388-EADE824369F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.196",
"matchCriteriaId": "F3CAB837-7D38-4934-AD4F-195CEFD754E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.128",
"matchCriteriaId": "6267BD4E-BE25-48B5-B850-4B493440DAFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.46",
"matchCriteriaId": "59455D13-A902-42E1-97F7-5ED579777193"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.12.13",
"matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/25053a8404ba17ca48f5553d487afc1882e9f56c", "url": "https://git.kernel.org/stable/c/25053a8404ba17ca48f5553d487afc1882e9f56c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/42020f7f37a90d24b9551f5f7eba3f7c7c102968", "url": "https://git.kernel.org/stable/c/42020f7f37a90d24b9551f5f7eba3f7c7c102968",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/79855be6445b6592bddb7bd7167083ec8cdbd73f", "url": "https://git.kernel.org/stable/c/79855be6445b6592bddb7bd7167083ec8cdbd73f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/84fc1c944e45ab317e2e70a0e7f76fa2a5e43b6e", "url": "https://git.kernel.org/stable/c/84fc1c944e45ab317e2e70a0e7f76fa2a5e43b6e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/cfc579f9d89af4ada58c69b03bcaa4887840f3b3", "url": "https://git.kernel.org/stable/c/cfc579f9d89af4ada58c69b03bcaa4887840f3b3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/fc7fdd8c5c2ad2fe3e297698be9d4dbe4a4e0579", "url": "https://git.kernel.org/stable/c/fc7fdd8c5c2ad2fe3e297698be9d4dbe4a4e0579",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/25053a8404ba17ca48f5553d487afc1882e9f56c", "url": "https://git.kernel.org/stable/c/25053a8404ba17ca48f5553d487afc1882e9f56c",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/42020f7f37a90d24b9551f5f7eba3f7c7c102968", "url": "https://git.kernel.org/stable/c/42020f7f37a90d24b9551f5f7eba3f7c7c102968",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/79855be6445b6592bddb7bd7167083ec8cdbd73f", "url": "https://git.kernel.org/stable/c/79855be6445b6592bddb7bd7167083ec8cdbd73f",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/84fc1c944e45ab317e2e70a0e7f76fa2a5e43b6e", "url": "https://git.kernel.org/stable/c/84fc1c944e45ab317e2e70a0e7f76fa2a5e43b6e",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/cfc579f9d89af4ada58c69b03bcaa4887840f3b3", "url": "https://git.kernel.org/stable/c/cfc579f9d89af4ada58c69b03bcaa4887840f3b3",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/fc7fdd8c5c2ad2fe3e297698be9d4dbe4a4e0579", "url": "https://git.kernel.org/stable/c/fc7fdd8c5c2ad2fe3e297698be9d4dbe4a4e0579",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2021-47226", "id": "CVE-2021-47226",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:11.823", "published": "2024-05-21T15:15:11.823",
"lastModified": "2024-11-21T06:35:39.977", "lastModified": "2025-04-29T19:26:36.690",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,140 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/fpu: Invalida el estado de la FPU despu\u00e9s de un XRSTOR fallido desde un b\u00fafer de usuario. Tanto Intel como AMD consideran que es arquitect\u00f3nicamente v\u00e1lido que XRSTOR falle con #PF pero aun as\u00ed cambie el estado del registro. . Las condiciones reales bajo las cuales esto podr\u00eda ocurrir no est\u00e1n claras [1], pero parece plausible que esto pueda desencadenarse si un hilo hermano desasigna una p\u00e1gina e invalida el TLB compartido mientras otro hilo hermano est\u00e1 ejecutando XRSTOR en la p\u00e1gina en cuesti\u00f3n. __fpu__restore_sig() puede ejecutar XRSTOR mientras los registros de hardware se conservan en nombre de una tarea de v\u00edctima diferente (usando el mecanismo fpu_fpregs_owner_ctx) y, en teor\u00eda, XRSTOR podr\u00eda fallar pero modificar los registros. Si esto sucede, entonces hay una ventana en la que __fpu__restore_sig() podr\u00eda programar la salida y la tarea de la v\u00edctima podr\u00eda volver a programarse sin recargar sus propios registros FPU. Esto resultar\u00eda en parte del estado de la FPU en el que __fpu__restore_sig() intentaba cargar una filtraci\u00f3n en el estado visible para el usuario de la tarea de la v\u00edctima. Invalide los registros FPU preservados en caso de falla de XRSTOR para evitar que esta situaci\u00f3n corrompa cualquier estado. [1] Los lectores frecuentes de las listas de erratas podr\u00edan imaginar \"condiciones microarquitect\u00f3nicas complejas\"." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/fpu: Invalida el estado de la FPU despu\u00e9s de un XRSTOR fallido desde un b\u00fafer de usuario. Tanto Intel como AMD consideran que es arquitect\u00f3nicamente v\u00e1lido que XRSTOR falle con #PF pero aun as\u00ed cambie el estado del registro. . 
Las condiciones reales bajo las cuales esto podr\u00eda ocurrir no est\u00e1n claras [1], pero parece plausible que esto pueda desencadenarse si un hilo hermano desasigna una p\u00e1gina e invalida el TLB compartido mientras otro hilo hermano est\u00e1 ejecutando XRSTOR en la p\u00e1gina en cuesti\u00f3n. __fpu__restore_sig() puede ejecutar XRSTOR mientras los registros de hardware se conservan en nombre de una tarea de v\u00edctima diferente (usando el mecanismo fpu_fpregs_owner_ctx) y, en teor\u00eda, XRSTOR podr\u00eda fallar pero modificar los registros. Si esto sucede, entonces hay una ventana en la que __fpu__restore_sig() podr\u00eda programar la salida y la tarea de la v\u00edctima podr\u00eda volver a programarse sin recargar sus propios registros FPU. Esto resultar\u00eda en parte del estado de la FPU en el que __fpu__restore_sig() intentaba cargar una filtraci\u00f3n en el estado visible para el usuario de la tarea de la v\u00edctima. Invalide los registros FPU preservados en caso de falla de XRSTOR para evitar que esta situaci\u00f3n corrompa cualquier estado. [1] Los lectores frecuentes de las listas de erratas podr\u00edan imaginar \"condiciones microarquitect\u00f3nicas complejas\"."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2",
"versionEndExcluding": "5.10.46",
"matchCriteriaId": "71A9FF74-A7CD-4A97-B822-6302C3124C48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.12.13",
"matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/002665dcba4bbec8c82f0aeb4bd3f44334ed2c14", "url": "https://git.kernel.org/stable/c/002665dcba4bbec8c82f0aeb4bd3f44334ed2c14",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a7748e021b9fb7739e3cb88449296539de0b6817", "url": "https://git.kernel.org/stable/c/a7748e021b9fb7739e3cb88449296539de0b6817",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/d8778e393afa421f1f117471144f8ce6deb6953a", "url": "https://git.kernel.org/stable/c/d8778e393afa421f1f117471144f8ce6deb6953a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/002665dcba4bbec8c82f0aeb4bd3f44334ed2c14", "url": "https://git.kernel.org/stable/c/002665dcba4bbec8c82f0aeb4bd3f44334ed2c14",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a7748e021b9fb7739e3cb88449296539de0b6817", "url": "https://git.kernel.org/stable/c/a7748e021b9fb7739e3cb88449296539de0b6817",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/d8778e393afa421f1f117471144f8ce6deb6953a", "url": "https://git.kernel.org/stable/c/d8778e393afa421f1f117471144f8ce6deb6953a",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }
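Review bot: The added `weaknesses` entry maps this record to `"value": "CWE-203"`, an information-exposure weakness, while the added `cvssData` block scores `"confidentialityImpact": "NONE"` with `I:H/A:H`, so the two new fields disagree about whether data is disclosed. The description in the same section speaks of FPU state from one task leaking into the user-visible state of another, which reads as at least a possible confidentiality effect. This file appears to mirror an upstream record, so the mismatch should be raised at the source rather than edited here. Until it is resolved, triage rules that filter on `confidentialityImpact` alone may under-rank this entry; matching on the CWE as well is the safer choice.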


@ -2,8 +2,8 @@
"id": "CVE-2021-47227", "id": "CVE-2021-47227",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:11.900", "published": "2024-05-21T15:15:11.900",
"lastModified": "2024-11-21T06:35:40.087", "lastModified": "2025-04-29T19:41:06.873",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,140 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: x86/fpu: evita la corrupci\u00f3n del estado en __fpu__restore_sig() La ruta lenta no compactada usa __copy_from_user() y copia todo el b\u00fafer del usuario en el b\u00fafer del kernel, palabra por palabra. Esto significa que el b\u00fafer del kernel ahora puede contener un estado completamente inv\u00e1lido en el que XRSTOR realizar\u00e1 #GP. validar_user_xstate_header() puede detectar parte de esa corrupci\u00f3n, pero eso deja a las personas que llaman la responsabilidad de borrar el b\u00fafer. Antes de la compatibilidad con XSAVES, era posible simplemente reinicializar el b\u00fafer por completo, pero con los estados del supervisor eso ya no es posible porque la divisi\u00f3n del c\u00f3digo de borrado del b\u00fafer lo hac\u00eda al rev\u00e9s. Arreglar eso es posible, pero no corromper al Estado en primer lugar es m\u00e1s s\u00f3lido. Evite la corrupci\u00f3n del b\u00fafer XSAVE del kernel utilizando copy_user_to_xstate() que valida el contenido del encabezado XSAVE antes de copiar los estados reales al kernel. copy_user_to_xstate() anteriormente solo se llamaba para buffers del kernel en formato compacto, pero funciona tanto para formatos compactos como no compactos. Usarlo para el formato no compacto es m\u00e1s lento debido a m\u00faltiples operaciones __copy_from_user(), pero ese costo es menos importante que el c\u00f3digo robusto en una ruta que ya es lenta. [Registro de cambios pulido por Dave Hansen]" "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: x86/fpu: evita la corrupci\u00f3n del estado en __fpu__restore_sig() La ruta lenta no compactada usa __copy_from_user() y copia todo el b\u00fafer del usuario en el b\u00fafer del kernel, palabra por palabra. Esto significa que el b\u00fafer del kernel ahora puede contener un estado completamente inv\u00e1lido en el que XRSTOR realizar\u00e1 #GP. 
validar_user_xstate_header() puede detectar parte de esa corrupci\u00f3n, pero eso deja a las personas que llaman la responsabilidad de borrar el b\u00fafer. Antes de la compatibilidad con XSAVES, era posible simplemente reinicializar el b\u00fafer por completo, pero con los estados del supervisor eso ya no es posible porque la divisi\u00f3n del c\u00f3digo de borrado del b\u00fafer lo hac\u00eda al rev\u00e9s. Arreglar eso es posible, pero no corromper al Estado en primer lugar es m\u00e1s s\u00f3lido. Evite la corrupci\u00f3n del b\u00fafer XSAVE del kernel utilizando copy_user_to_xstate() que valida el contenido del encabezado XSAVE antes de copiar los estados reales al kernel. copy_user_to_xstate() anteriormente solo se llamaba para buffers del kernel en formato compacto, pero funciona tanto para formatos compactos como no compactos. Usarlo para el formato no compacto es m\u00e1s lento debido a m\u00faltiples operaciones __copy_from_user(), pero ese costo es menos importante que el c\u00f3digo robusto en una ruta que ya es lenta. [Registro de cambios pulido por Dave Hansen]"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8",
"versionEndExcluding": "5.10.46",
"matchCriteriaId": "AD060971-E88B-4295-B40F-7C6C358E1541"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.12.13",
"matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/076f732b16a5bf842686e1b43ab6021a2d98233e", "url": "https://git.kernel.org/stable/c/076f732b16a5bf842686e1b43ab6021a2d98233e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/484cea4f362e1eeb5c869abbfb5f90eae6421b38", "url": "https://git.kernel.org/stable/c/484cea4f362e1eeb5c869abbfb5f90eae6421b38",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ec25ea1f3f05d6f8ee51d1277efea986eafd4f2a", "url": "https://git.kernel.org/stable/c/ec25ea1f3f05d6f8ee51d1277efea986eafd4f2a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/076f732b16a5bf842686e1b43ab6021a2d98233e", "url": "https://git.kernel.org/stable/c/076f732b16a5bf842686e1b43ab6021a2d98233e",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/484cea4f362e1eeb5c869abbfb5f90eae6421b38", "url": "https://git.kernel.org/stable/c/484cea4f362e1eeb5c869abbfb5f90eae6421b38",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ec25ea1f3f05d6f8ee51d1277efea986eafd4f2a", "url": "https://git.kernel.org/stable/c/ec25ea1f3f05d6f8ee51d1277efea986eafd4f2a",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2021-47228", "id": "CVE-2021-47228",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:12.250", "published": "2024-05-21T15:15:12.250",
"lastModified": "2024-11-21T06:35:40.190", "lastModified": "2025-04-29T19:49:34.467",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,30 +39,116 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.10.46",
"matchCriteriaId": "FD0C8733-D75B-4E30-9D46-CFE48CF2CC1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.12.13",
"matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/208bb686e7fa7fff16e8fa78ff0db34aa9acdbd7", "url": "https://git.kernel.org/stable/c/208bb686e7fa7fff16e8fa78ff0db34aa9acdbd7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/8d651ee9c71bb12fc0c8eb2786b66cbe5aa3e43b", "url": "https://git.kernel.org/stable/c/8d651ee9c71bb12fc0c8eb2786b66cbe5aa3e43b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b7a05aba39f733ec337c5b952e112dd2dc4fc404", "url": "https://git.kernel.org/stable/c/b7a05aba39f733ec337c5b952e112dd2dc4fc404",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/208bb686e7fa7fff16e8fa78ff0db34aa9acdbd7", "url": "https://git.kernel.org/stable/c/208bb686e7fa7fff16e8fa78ff0db34aa9acdbd7",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/8d651ee9c71bb12fc0c8eb2786b66cbe5aa3e43b", "url": "https://git.kernel.org/stable/c/8d651ee9c71bb12fc0c8eb2786b66cbe5aa3e43b",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b7a05aba39f733ec337c5b952e112dd2dc4fc404", "url": "https://git.kernel.org/stable/c/b7a05aba39f733ec337c5b952e112dd2dc4fc404",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2021-47229", "id": "CVE-2021-47229",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:12.323", "published": "2024-05-21T15:15:12.323",
"lastModified": "2024-11-21T06:35:40.363", "lastModified": "2025-04-29T19:42:00.293",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,55 +15,202 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: PCI: aardvark: solucion\u00f3 el p\u00e1nico del kernel durante la transferencia de PIO. Intentar iniciar una nueva transferencia de PIO escribiendo el valor 0 en el registro PIO_START cuando la transferencia anterior a\u00fan no se ha completado (que se indica con el valor 1). en PIO_START) provoca un aborto externo en la CPU, lo que resulta en p\u00e1nico del kernel: Interrupci\u00f3n de SError en CPU0, c\u00f3digo 0xbf000002 - P\u00e1nico del kernel de SError - no se sincroniza: Interrupci\u00f3n de SError asincr\u00f3nica Para evitar el p\u00e1nico del kernel, es necesario rechazar una nueva transferencia de PIO cuando el anterior a\u00fan no ha terminado. Si la transferencia PIO anterior a\u00fan no ha finalizado, el kernel puede emitir una nueva solicitud PIO solo si se agot\u00f3 el tiempo de espera de la transferencia PIO anterior. En el pasado, la causa root de este problema se identific\u00f3 incorrectamente (como sucede a menudo durante el reentrenamiento del enlace o despu\u00e9s de un evento de ca\u00edda del enlace) y se implement\u00f3 un truco especial en Trusted Firmware para detectar todos los eventos de SError en EL3, para ignorar los errores con el c\u00f3digo 0xbf000002 y no reenviar cualquier otro error al kernel y en su lugar generar p\u00e1nico desde el controlador de firmware confiable EL3. 
Enlaces a discusiones y parches sobre este problema: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=3c7dcdac5c50 https://lore.kernel.org/linux-pci /20190316161243.29517-1-repk@triplefau.lt/ https://lore.kernel.org/linux-pci/971be151d24312cc533989a64bd454b4@www.loen.fr/ https://review.trustedfirmware.org/c/TF-A/trusted -firmware-a/+/1541 Pero la causa real fue el hecho de que durante el reentrenamiento del enlace o despu\u00e9s de un evento de ca\u00edda del enlace, la transferencia de PIO puede tardar m\u00e1s tiempo, hasta 1,44 segundos hasta que se agote el tiempo de espera. Esto aumenta la probabilidad de que el kernel emita una nueva transferencia PIO mientras que la anterior a\u00fan no ha finalizado. Despu\u00e9s de aplicar este cambio en el kernel, es posible revertir el hack de TF-A mencionado y los eventos SError no tienen que detectarse en TF-A EL3." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: PCI: aardvark: solucion\u00f3 el p\u00e1nico del kernel durante la transferencia de PIO. Intentar iniciar una nueva transferencia de PIO escribiendo el valor 0 en el registro PIO_START cuando la transferencia anterior a\u00fan no se ha completado (que se indica con el valor 1). en PIO_START) provoca un aborto externo en la CPU, lo que resulta en p\u00e1nico del kernel: Interrupci\u00f3n de SError en CPU0, c\u00f3digo 0xbf000002 - P\u00e1nico del kernel de SError - no se sincroniza: Interrupci\u00f3n de SError asincr\u00f3nica Para evitar el p\u00e1nico del kernel, es necesario rechazar una nueva transferencia de PIO cuando el anterior a\u00fan no ha terminado. Si la transferencia PIO anterior a\u00fan no ha finalizado, el kernel puede emitir una nueva solicitud PIO solo si se agot\u00f3 el tiempo de espera de la transferencia PIO anterior. 
En el pasado, la causa root de este problema se identific\u00f3 incorrectamente (como sucede a menudo durante el reentrenamiento del enlace o despu\u00e9s de un evento de ca\u00edda del enlace) y se implement\u00f3 un truco especial en Trusted Firmware para detectar todos los eventos de SError en EL3, para ignorar los errores con el c\u00f3digo 0xbf000002 y no reenviar cualquier otro error al kernel y en su lugar generar p\u00e1nico desde el controlador de firmware confiable EL3. Enlaces a discusiones y parches sobre este problema: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=3c7dcdac5c50 https://lore.kernel.org/linux-pci /20190316161243.29517-1-repk@triplefau.lt/ https://lore.kernel.org/linux-pci/971be151d24312cc533989a64bd454b4@www.loen.fr/ https://review.trustedfirmware.org/c/TF-A/trusted -firmware-a/+/1541 Pero la causa real fue el hecho de que durante el reentrenamiento del enlace o despu\u00e9s de un evento de ca\u00edda del enlace, la transferencia de PIO puede tardar m\u00e1s tiempo, hasta 1,44 segundos hasta que se agote el tiempo de espera. Esto aumenta la probabilidad de que el kernel emita una nueva transferencia PIO mientras que la anterior a\u00fan no ha finalizado. Despu\u00e9s de aplicar este cambio en el kernel, es posible revertir el hack de TF-A mencionado y los eventos SError no tienen que detectarse en TF-A EL3."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.240",
"matchCriteriaId": "A5B4B002-143F-442C-86E6-8A8B83FEA66E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.198",
"matchCriteriaId": "B93AEDB9-C52B-4222-8F9A-882DAD9EF5B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.128",
"matchCriteriaId": "6267BD4E-BE25-48B5-B850-4B493440DAFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.46",
"matchCriteriaId": "59455D13-A902-42E1-97F7-5ED579777193"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.12.13",
"matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/1a1dbc4473974867fe8c5f195c17b341c8e82867", "url": "https://git.kernel.org/stable/c/1a1dbc4473974867fe8c5f195c17b341c8e82867",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3d213a4ddf49a860be6e795482c17f87e0c82b2a", "url": "https://git.kernel.org/stable/c/3d213a4ddf49a860be6e795482c17f87e0c82b2a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/400e6b1860c8be61388d0b77814c53260f96e17a", "url": "https://git.kernel.org/stable/c/400e6b1860c8be61388d0b77814c53260f96e17a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/4c90f90a91d75c3c73dd633827c90e8746d9f54d", "url": "https://git.kernel.org/stable/c/4c90f90a91d75c3c73dd633827c90e8746d9f54d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b00a9aaa4be20ad6e3311fb78a485eae0899e89a", "url": "https://git.kernel.org/stable/c/b00a9aaa4be20ad6e3311fb78a485eae0899e89a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/f18139966d072dab8e4398c95ce955a9742e04f7", "url": "https://git.kernel.org/stable/c/f18139966d072dab8e4398c95ce955a9742e04f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/1a1dbc4473974867fe8c5f195c17b341c8e82867", "url": "https://git.kernel.org/stable/c/1a1dbc4473974867fe8c5f195c17b341c8e82867",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3d213a4ddf49a860be6e795482c17f87e0c82b2a", "url": "https://git.kernel.org/stable/c/3d213a4ddf49a860be6e795482c17f87e0c82b2a",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/400e6b1860c8be61388d0b77814c53260f96e17a", "url": "https://git.kernel.org/stable/c/400e6b1860c8be61388d0b77814c53260f96e17a",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/4c90f90a91d75c3c73dd633827c90e8746d9f54d", "url": "https://git.kernel.org/stable/c/4c90f90a91d75c3c73dd633827c90e8746d9f54d",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b00a9aaa4be20ad6e3311fb78a485eae0899e89a", "url": "https://git.kernel.org/stable/c/b00a9aaa4be20ad6e3311fb78a485eae0899e89a",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/f18139966d072dab8e4398c95ce955a9742e04f7", "url": "https://git.kernel.org/stable/c/f18139966d072dab8e4398c95ce955a9742e04f7",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2021-47234", "id": "CVE-2021-47234",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:12.710", "published": "2024-05-21T15:15:12.710",
"lastModified": "2024-11-21T06:35:41.203", "lastModified": "2025-04-29T19:42:29.477",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,134 @@
"value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: phy: phy-mtk-tphy: solucione algunas fugas de recursos en mtk_phy_init() Utilice clk_disable_unprepare() en la ruta de error de mtk_phy_init() para solucionar algunas fugas de recursos." "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: phy: phy-mtk-tphy: solucione algunas fugas de recursos en mtk_phy_init() Utilice clk_disable_unprepare() en la ruta de error de mtk_phy_init() para solucionar algunas fugas de recursos."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.46",
"matchCriteriaId": "A25A5D99-FC5D-49E5-81AF-33B157EA9B2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.12.13",
"matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/6472955af5e88b5489b6d78316082ad56ea3e489", "url": "https://git.kernel.org/stable/c/6472955af5e88b5489b6d78316082ad56ea3e489",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/9a17907946232d01aa2ec109da5f93b8d31dd425", "url": "https://git.kernel.org/stable/c/9a17907946232d01aa2ec109da5f93b8d31dd425",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/aaac9a1bd370338ce372669eb9a6059d16b929aa", "url": "https://git.kernel.org/stable/c/aaac9a1bd370338ce372669eb9a6059d16b929aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/6472955af5e88b5489b6d78316082ad56ea3e489", "url": "https://git.kernel.org/stable/c/6472955af5e88b5489b6d78316082ad56ea3e489",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/9a17907946232d01aa2ec109da5f93b8d31dd425", "url": "https://git.kernel.org/stable/c/9a17907946232d01aa2ec109da5f93b8d31dd425",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/aaac9a1bd370338ce372669eb9a6059d16b929aa", "url": "https://git.kernel.org/stable/c/aaac9a1bd370338ce372669eb9a6059d16b929aa",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2021-47236", "id": "CVE-2021-47236",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:12.857", "published": "2024-05-21T15:15:12.857",
"lastModified": "2024-11-21T06:35:41.480", "lastModified": "2025-04-29T19:44:19.887",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,71 +15,245 @@
"value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: cdc_eem: corrige la fuga de skb de reparaci\u00f3n de tx cuando usbnet transmite un skb, eem lo repara en eem_tx_fixup(), si skb_copy_expand() falla, devuelve NULL, usbnet_start_xmit() No tendr\u00e1 posibilidad de liberar el skb original. solucionelo primero con skb original gratuito en eem_tx_fixup(), luego verifique el estado del clon de skb, si falla, devuelva NULL a usbnet." "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: cdc_eem: corrige la fuga de skb de reparaci\u00f3n de tx cuando usbnet transmite un skb, eem lo repara en eem_tx_fixup(), si skb_copy_expand() falla, devuelve NULL, usbnet_start_xmit() No tendr\u00e1 posibilidad de liberar el skb original. solucionelo primero con skb original gratuito en eem_tx_fixup(), luego verifique el estado del clon de skb, si falla, devuelva NULL a usbnet."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.30",
"versionEndExcluding": "4.4.274",
"matchCriteriaId": "917424B6-D03C-4372-9E06-61D6C13CE591"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.9.274",
"matchCriteriaId": "0A84D5BC-006F-41C5-A54D-6D45236009B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.238",
"matchCriteriaId": "C3C0DBBF-0923-4D2A-9178-134691F9933F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.196",
"matchCriteriaId": "F3CAB837-7D38-4934-AD4F-195CEFD754E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.128",
"matchCriteriaId": "6267BD4E-BE25-48B5-B850-4B493440DAFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.46",
"matchCriteriaId": "59455D13-A902-42E1-97F7-5ED579777193"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.12.13",
"matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/05b2b9f7d24b5663d9b47427fe1555bdafd3ea02", "url": "https://git.kernel.org/stable/c/05b2b9f7d24b5663d9b47427fe1555bdafd3ea02",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/14184ec5c958b589ba934da7363a2877879204df", "url": "https://git.kernel.org/stable/c/14184ec5c958b589ba934da7363a2877879204df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/1bcacd6088d61c0ac6a990d87975600a81f3247e", "url": "https://git.kernel.org/stable/c/1bcacd6088d61c0ac6a990d87975600a81f3247e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/81de2ed06df8b5451e050fe6a318af3263dbff3f", "url": "https://git.kernel.org/stable/c/81de2ed06df8b5451e050fe6a318af3263dbff3f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b4f7a9fc9d094c0c4a66f2ad7c37b1dbe9e78f88", "url": "https://git.kernel.org/stable/c/b4f7a9fc9d094c0c4a66f2ad7c37b1dbe9e78f88",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7", "url": "https://git.kernel.org/stable/c/c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/f12554b0ff639e74612cc01b3b4a049e098d2d65", "url": "https://git.kernel.org/stable/c/f12554b0ff639e74612cc01b3b4a049e098d2d65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/f4e6a7f19c82f39b1803e91c54718f0d7143767d", "url": "https://git.kernel.org/stable/c/f4e6a7f19c82f39b1803e91c54718f0d7143767d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/05b2b9f7d24b5663d9b47427fe1555bdafd3ea02", "url": "https://git.kernel.org/stable/c/05b2b9f7d24b5663d9b47427fe1555bdafd3ea02",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/14184ec5c958b589ba934da7363a2877879204df", "url": "https://git.kernel.org/stable/c/14184ec5c958b589ba934da7363a2877879204df",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/1bcacd6088d61c0ac6a990d87975600a81f3247e", "url": "https://git.kernel.org/stable/c/1bcacd6088d61c0ac6a990d87975600a81f3247e",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/81de2ed06df8b5451e050fe6a318af3263dbff3f", "url": "https://git.kernel.org/stable/c/81de2ed06df8b5451e050fe6a318af3263dbff3f",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b4f7a9fc9d094c0c4a66f2ad7c37b1dbe9e78f88", "url": "https://git.kernel.org/stable/c/b4f7a9fc9d094c0c4a66f2ad7c37b1dbe9e78f88",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7", "url": "https://git.kernel.org/stable/c/c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/f12554b0ff639e74612cc01b3b4a049e098d2d65", "url": "https://git.kernel.org/stable/c/f12554b0ff639e74612cc01b3b4a049e098d2d65",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/f4e6a7f19c82f39b1803e91c54718f0d7143767d", "url": "https://git.kernel.org/stable/c/f4e6a7f19c82f39b1803e91c54718f0d7143767d",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2021-47246", "id": "CVE-2021-47246",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:13.623", "published": "2024-05-21T15:15:13.623",
"lastModified": "2024-11-21T06:35:42.950", "lastModified": "2025-04-29T19:45:28.480",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,161 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/mlx5e: Reparar la recuperaci\u00f3n de p\u00e1gina para la horquilla del par inactiva. Al agregar un flujo de horquilla, se crea una cola de env\u00edo del lado del firmware para el dispositivo de red del par, que reclama algunas p\u00e1ginas de memoria del host para su buffer de anillo interno. Si el dispositivo peer net se elimina/desvincula antes de eliminar el flujo de horquilla, entonces la cola de env\u00edo no se destruye, lo que genera un seguimiento de la pila en la eliminaci\u00f3n del dispositivo pci: [ 748.005230] mlx5_core 0000:08:00.2: wait_func:1094:(pid 12985): Tiempo de espera de MANAGE_PAGES(0x108). Provocar\u00e1 una fuga de un recurso de comando [748.005231] mlx5_core 0000:08:00.2: reclaim_pages:514:(pid 12985): error al recuperar p\u00e1ginas: err -110 [748.001835] mlx5_core 0000:08:00.2: mlx5_reclaim_root_pages:653:(pid 12985): error al recuperar p\u00e1ginas (-110) para el ID de funci\u00f3n 0x0 [748.002171] ------------[ cortar aqu\u00ed ]------------ [ 748.001177] p\u00e1ginas FW el contador es 4 despu\u00e9s de reclamar todas las p\u00e1ginas [748.001186] ADVERTENCIA: CPU: 1 PID: 12985 en drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c:685 mlx5_reclaim_startup_pages+0x34b/0x460 [mlx5_core] [+0.002771] M\u00f3dulos vinculados en: cls_flower mlx5_ib mlx5_core ptp pps_core act_mirred sch_ingress openvswitch nsh xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_umad ib_ipoib iw_cm ib_cm ib_uverbs ib_core overlay fuse [\u00faltima descarga: pps_core] [ 748.007225] CPU: 1 PID: 12985 Comm: tee Not tainted 5.12.0+ #1 [ 748.001376] Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 [748.002315] RIP: 
0010:mlx5_reclaim_startup_pages+0x34b/0x460 [mlx5_core] [748.001679] C\u00f3digo: 28 00 00 00 0f 85 22 01 00 00 48 81 c4 b0 00 00 00 31 c0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c7 40 cc 19 a1 e8 9f 71 0e e2 <0f> 0b e9 30 ff ff ff 48 c7 c7 a0 cc 19 a1 e8 8c 71 0e e2 0f 0b e9 [ 748.003781] RSP: 0018:ffff88815220faf8 GS: 00010286 [748.001149] RAX: 0000000000000000 RBX: ffff8881b4900280 RCX: 0000000000000000 [ 748.001445] RDX: 0000000000000027 RSI: 0000000000000004 RDI: a441f51 [ 748.001614] RBP: 00000000000032b9 R08: 0000000000000001 R09: ffffed1054a15ee8 [ 748.001446] R10: ffff8882a50af73b R11: ee7 R12: ffffbfff07c1e30 [ 748.001447] R13: dffffc0000000000 R14: ffff8881b492cba8 R15: 0000000000000000 [ 748.001429] FS: 00007f58bd08b580(0000) GS:ffff8882a5080000(0000) 000000000000 [ 748.001695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 748.001309] CR2: 000055a026351740 CR3: 00000001d3b48006 CR4 : 0000000000370ea0 [ 748.001506] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 748.001483] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [748.001654] Seguimiento de llamadas: [748.000576]? mlx5_satisfy_startup_pages+0x290/0x290 [mlx5_core] [748.001416]? mlx5_cmd_teardown_hca+0xa2/0xd0 [mlx5_core] [748.001354]? mlx5_cmd_init_hca+0x280/0x280 [mlx5_core] [ 748.001203] mlx5_function_teardown+0x30/0x60 [mlx5_core] [ 748.001275] mlx5_uninit_one+0xa7/0xc0 [mlx5_core] [ 748.001200] uno+0x5f/0xc0 [mlx5_core] [ 748.001075] pci_device_remove+0x9f/0x1d0 [ 748.000833] device_release_driver_internal+0x1e0/0x490 [ 748.001207] unbind_store+0x19f/0x200 [ 748.000942] ? sysfs_file_ops+0x170/0x170 [ 748.001000] kernfs_fop_write_iter+0x2bc/0x450 [ 748.000970] new_sync_write+0x373/0x610 [ 748.001124] ? new_sync_read+0x600/0x600 [748.001057]? lock_acquire+0x4d6/0x700 [748.000908]? lockdep_hardirqs_on_prepare+0x400/0x400 [748.001126]? fd_install+0x1c9/0x4d0 [ 748.000951] vfs_write+0x4d0/0x800 [ 748.000804] ksys_write+0xf9/0x1d0 [ 748.000868] ? 
__x64_sys_read+0xb0/0xb0 [748.000811]? filp_open+0x50/0x50 [748.000919]? syscall_enter_from_user_mode+0x1d/0x50 [ 748.001223] do_syscall_64+0x3f/0x80 [ 748.000892] Entry_SYSCALL_64_after_hwframe+0x44/0xae [ 748.00 ---truncado---" "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/mlx5e: Reparar la recuperaci\u00f3n de p\u00e1gina para la horquilla del par inactiva. Al agregar un flujo de horquilla, se crea una cola de env\u00edo del lado del firmware para el dispositivo de red del par, que reclama algunas p\u00e1ginas de memoria del host para su buffer de anillo interno. Si el dispositivo peer net se elimina/desvincula antes de eliminar el flujo de horquilla, entonces la cola de env\u00edo no se destruye, lo que genera un seguimiento de la pila en la eliminaci\u00f3n del dispositivo pci: [ 748.005230] mlx5_core 0000:08:00.2: wait_func:1094:(pid 12985): Tiempo de espera de MANAGE_PAGES(0x108). Provocar\u00e1 una fuga de un recurso de comando [748.005231] mlx5_core 0000:08:00.2: reclaim_pages:514:(pid 12985): error al recuperar p\u00e1ginas: err -110 [748.001835] mlx5_core 0000:08:00.2: mlx5_reclaim_root_pages:653:(pid 12985): error al recuperar p\u00e1ginas (-110) para el ID de funci\u00f3n 0x0 [748.002171] ------------[ cortar aqu\u00ed ]------------ [ 748.001177] p\u00e1ginas FW el contador es 4 despu\u00e9s de reclamar todas las p\u00e1ginas [748.001186] ADVERTENCIA: CPU: 1 PID: 12985 en drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c:685 mlx5_reclaim_startup_pages+0x34b/0x460 [mlx5_core] [+0.002771] M\u00f3dulos vinculados en: cls_flower mlx5_ib mlx5_core ptp pps_core act_mirred sch_ingress openvswitch nsh xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_umad ib_ipoib iw_cm ib_cm ib_uverbs ib_core overlay fuse [\u00faltima descarga: pps_core] [ 748.007225] CPU: 1 PID: 
12985 Comm: tee Not tainted 5.12.0+ #1 [ 748.001376] Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 [748.002315] RIP: 0010:mlx5_reclaim_startup_pages+0x34b/0x460 [mlx5_core] [748.001679] C\u00f3digo: 28 00 00 00 0f 85 22 01 00 00 48 81 c4 b0 00 00 00 31 c0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c7 40 cc 19 a1 e8 9f 71 0e e2 <0f> 0b e9 30 ff ff ff 48 c7 c7 a0 cc 19 a1 e8 8c 71 0e e2 0f 0b e9 [ 748.003781] RSP: 0018:ffff88815220faf8 GS: 00010286 [748.001149] RAX: 0000000000000000 RBX: ffff8881b4900280 RCX: 0000000000000000 [ 748.001445] RDX: 0000000000000027 RSI: 0000000000000004 RDI: a441f51 [ 748.001614] RBP: 00000000000032b9 R08: 0000000000000001 R09: ffffed1054a15ee8 [ 748.001446] R10: ffff8882a50af73b R11: ee7 R12: ffffbfff07c1e30 [ 748.001447] R13: dffffc0000000000 R14: ffff8881b492cba8 R15: 0000000000000000 [ 748.001429] FS: 00007f58bd08b580(0000) GS:ffff8882a5080000(0000) 000000000000 [ 748.001695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 748.001309] CR2: 000055a026351740 CR3: 00000001d3b48006 CR4 : 0000000000370ea0 [ 748.001506] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 748.001483] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [748.001654] Seguimiento de llamadas: [748.000576]? mlx5_satisfy_startup_pages+0x290/0x290 [mlx5_core] [748.001416]? mlx5_cmd_teardown_hca+0xa2/0xd0 [mlx5_core] [748.001354]? mlx5_cmd_init_hca+0x280/0x280 [mlx5_core] [ 748.001203] mlx5_function_teardown+0x30/0x60 [mlx5_core] [ 748.001275] mlx5_uninit_one+0xa7/0xc0 [mlx5_core] [ 748.001200] uno+0x5f/0xc0 [mlx5_core] [ 748.001075] pci_device_remove+0x9f/0x1d0 [ 748.000833] device_release_driver_internal+0x1e0/0x490 [ 748.001207] unbind_store+0x19f/0x200 [ 748.000942] ? sysfs_file_ops+0x170/0x170 [ 748.001000] kernfs_fop_write_iter+0x2bc/0x450 [ 748.000970] new_sync_write+0x373/0x610 [ 748.001124] ? new_sync_read+0x600/0x600 [748.001057]? 
lock_acquire+0x4d6/0x700 [748.000908]? lockdep_hardirqs_on_prepare+0x400/0x400 [748.001126]? fd_install+0x1c9/0x4d0 [ 748.000951] vfs_write+0x4d0/0x800 [ 748.000804] ksys_write+0xf9/0x1d0 [ 748.000868] ? __x64_sys_read+0xb0/0xb0 [748.000811]? filp_open+0x50/0x50 [748.000919]? syscall_enter_from_user_mode+0x1d/0x50 [ 748.001223] do_syscall_64+0x3f/0x80 [ 748.000892] Entry_SYSCALL_64_after_hwframe+0x44/0xae [ 748.00 ---truncado---"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19",
"versionEndExcluding": "5.4.128",
"matchCriteriaId": "84108161-A7EE-4126-A306-8F64E51801C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.46",
"matchCriteriaId": "59455D13-A902-42E1-97F7-5ED579777193"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.12.13",
"matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/4b16118665e94c90a3e84a5190486fd0e4eedd74", "url": "https://git.kernel.org/stable/c/4b16118665e94c90a3e84a5190486fd0e4eedd74",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a3e5fd9314dfc4314a9567cde96e1aef83a7458a", "url": "https://git.kernel.org/stable/c/a3e5fd9314dfc4314a9567cde96e1aef83a7458a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b374c1304f6d3d4752ad1412427b7bf02bb1fd61", "url": "https://git.kernel.org/stable/c/b374c1304f6d3d4752ad1412427b7bf02bb1fd61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/be7f3f401d224e1efe8112b2fa8b837eeb8c5e52", "url": "https://git.kernel.org/stable/c/be7f3f401d224e1efe8112b2fa8b837eeb8c5e52",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/4b16118665e94c90a3e84a5190486fd0e4eedd74", "url": "https://git.kernel.org/stable/c/4b16118665e94c90a3e84a5190486fd0e4eedd74",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a3e5fd9314dfc4314a9567cde96e1aef83a7458a", "url": "https://git.kernel.org/stable/c/a3e5fd9314dfc4314a9567cde96e1aef83a7458a",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b374c1304f6d3d4752ad1412427b7bf02bb1fd61", "url": "https://git.kernel.org/stable/c/b374c1304f6d3d4752ad1412427b7bf02bb1fd61",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/be7f3f401d224e1efe8112b2fa8b837eeb8c5e52", "url": "https://git.kernel.org/stable/c/be7f3f401d224e1efe8112b2fa8b837eeb8c5e52",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2022-2794", "id": "CVE-2022-2794",
"sourceIdentifier": "hp-security-alert@hp.com", "sourceIdentifier": "hp-security-alert@hp.com",
"published": "2022-12-12T13:15:12.210", "published": "2022-12-12T13:15:12.210",
"lastModified": "2024-11-21T07:01:42.430", "lastModified": "2025-04-29T19:15:50.733",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-38395", "id": "CVE-2022-38395",
"sourceIdentifier": "hp-security-alert@hp.com", "sourceIdentifier": "hp-security-alert@hp.com",
"published": "2022-12-12T13:15:14.420", "published": "2022-12-12T13:15:14.420",
"lastModified": "2024-11-21T07:16:23.547", "lastModified": "2025-04-29T19:15:51.787",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-427" "value": "CWE-427"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-4055", "id": "CVE-2022-4055",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2022-11-19T00:15:31.003", "published": "2022-11-19T00:15:31.003",
"lastModified": "2024-11-21T07:34:31.363", "lastModified": "2025-04-29T19:15:53.337",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,13 +36,33 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 4.0 "impactScore": 4.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
} }
] ]
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "secalert@redhat.com", "source": "secalert@redhat.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2022-44379", "id": "CVE-2022-44379",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-11-18T18:15:10.620", "published": "2022-11-18T18:15:10.620",
"lastModified": "2024-11-21T07:27:56.793", "lastModified": "2025-04-29T19:15:52.057",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-44413", "id": "CVE-2022-44413",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-11-18T19:15:32.533", "published": "2022-11-18T19:15:32.533",
"lastModified": "2024-11-21T07:27:58.767", "lastModified": "2025-04-29T19:15:52.243",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-44414", "id": "CVE-2022-44414",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-11-18T19:15:32.740", "published": "2022-11-18T19:15:32.740",
"lastModified": "2024-11-21T07:27:58.900", "lastModified": "2025-04-29T19:15:52.423",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-44415", "id": "CVE-2022-44415",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-11-18T19:15:32.937", "published": "2022-11-18T19:15:32.937",
"lastModified": "2024-11-21T07:27:59.040", "lastModified": "2025-04-29T19:15:52.597",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-44641", "id": "CVE-2022-44641",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-11-18T21:15:11.787", "published": "2022-11-18T21:15:11.787",
"lastModified": "2024-11-21T07:28:15.090", "lastModified": "2025-04-29T19:15:52.773",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-776" "value": "CWE-776"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-776"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-44820", "id": "CVE-2022-44820",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-11-18T19:15:33.130", "published": "2022-11-18T19:15:33.130",
"lastModified": "2024-11-21T07:28:29.283", "lastModified": "2025-04-29T19:15:52.970",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-45474", "id": "CVE-2022-45474",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-11-18T18:15:10.767", "published": "2022-11-18T18:15:10.767",
"lastModified": "2024-11-21T07:29:18.897", "lastModified": "2025-04-29T19:15:53.150",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-416" "value": "CWE-416"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2024-11503", "id": "CVE-2024-11503",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2025-03-25T06:15:38.720", "published": "2025-03-25T06:15:38.720",
"lastModified": "2025-03-27T16:45:46.410", "lastModified": "2025-04-29T18:11:43.417",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,10 +39,44 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shapedplugin:wp_tabs:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.7",
"matchCriteriaId": "48030BD7-6097-4D58-92B9-0780CBDDD3BA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/25592b6c-b9ab-4d9e-b314-091594ce9189/", "url": "https://wpscan.com/vulnerability/25592b6c-b9ab-4d9e-b314-091594ce9189/",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-11924", "id": "CVE-2024-11924",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2025-04-17T06:15:42.460", "published": "2025-04-17T06:15:42.460",
"lastModified": "2025-04-17T20:21:48.243", "lastModified": "2025-04-29T19:10:33.087",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,10 +39,44 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icegram:icegram_express:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.7.52",
"matchCriteriaId": "4B4184FB-9873-463D-B242-A29482BB1842"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/70288369-132d-4211-bca0-0411736df747/", "url": "https://wpscan.com/vulnerability/70288369-132d-4211-bca0-0411736df747/",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-13925", "id": "CVE-2024-13925",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2025-04-17T06:15:43.590", "published": "2025-04-17T06:15:43.590",
"lastModified": "2025-04-18T14:15:20.327", "lastModified": "2025-04-29T19:09:09.200",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,10 +39,44 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:klarna:klarna_checkout_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.13.5",
"matchCriteriaId": "45185EB1-9A55-4BD2-BB2C-FFF6B4E15EAA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/6aebb52f-d74a-4043-86c4-c24579f24ef4/", "url": "https://wpscan.com/vulnerability/6aebb52f-d74a-4043-86c4-c24579f24ef4/",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-28022", "id": "CVE-2024-28022",
"sourceIdentifier": "cybersecurity@hitachienergy.com", "sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-06-11T19:16:06.017", "published": "2024-06-11T19:16:06.017",
"lastModified": "2024-11-21T09:05:39.653", "lastModified": "2025-04-29T19:40:10.683",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,8 +2,8 @@
"id": "CVE-2024-3081", "id": "CVE-2024-3081",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-29T15:15:14.657", "published": "2024-03-29T15:15:14.657",
"lastModified": "2024-11-21T09:28:51.347", "lastModified": "2025-04-29T19:44:58.373",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.1, "exploitabilityScore": 2.1,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -76,54 +96,116 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easycorp:easyadmin:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.8.9",
"matchCriteriaId": "EE0AE5AE-72BF-4C77-A3AA-F13E0AC47D2F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/EasyCorp/EasyAdminBundle/commit/127436e4c3f56276d548070f99e61b7234200a11", "url": "https://github.com/EasyCorp/EasyAdminBundle/commit/127436e4c3f56276d548070f99e61b7234200a11",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/EasyCorp/EasyAdminBundle/pull/5971", "url": "https://github.com/EasyCorp/EasyAdminBundle/pull/5971",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Issue Tracking",
"Patch"
]
}, },
{ {
"url": "https://github.com/EasyCorp/EasyAdminBundle/pull/6067", "url": "https://github.com/EasyCorp/EasyAdminBundle/pull/6067",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Issue Tracking",
"Patch"
]
}, },
{ {
"url": "https://github.com/EasyCorp/EasyAdminBundle/releases/tag/v4.8.10", "url": "https://github.com/EasyCorp/EasyAdminBundle/releases/tag/v4.8.10",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.258613", "url": "https://vuldb.com/?ctiid.258613",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.258613", "url": "https://vuldb.com/?id.258613",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://github.com/EasyCorp/EasyAdminBundle/commit/127436e4c3f56276d548070f99e61b7234200a11", "url": "https://github.com/EasyCorp/EasyAdminBundle/commit/127436e4c3f56276d548070f99e61b7234200a11",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/EasyCorp/EasyAdminBundle/pull/5971", "url": "https://github.com/EasyCorp/EasyAdminBundle/pull/5971",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
]
}, },
{ {
"url": "https://github.com/EasyCorp/EasyAdminBundle/pull/6067", "url": "https://github.com/EasyCorp/EasyAdminBundle/pull/6067",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
]
}, },
{ {
"url": "https://github.com/EasyCorp/EasyAdminBundle/releases/tag/v4.8.10", "url": "https://github.com/EasyCorp/EasyAdminBundle/releases/tag/v4.8.10",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.258613", "url": "https://vuldb.com/?ctiid.258613",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.258613", "url": "https://vuldb.com/?id.258613",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-4877", "id": "CVE-2024-4877",
"sourceIdentifier": "security@openvpn.net", "sourceIdentifier": "security@openvpn.net",
"published": "2025-04-03T16:15:32.840", "published": "2025-04-03T16:15:32.840",
"lastModified": "2025-04-07T14:18:34.453", "lastModified": "2025-04-29T19:45:07.223",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -49,16 +49,64 @@
"value": "CWE-268" "value": "CWE-268"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*",
"versionStartIncluding": "2.4.0",
"versionEndExcluding": "2.6.11",
"matchCriteriaId": "C87B630D-FF25-4172-AE95-D5D93DF2286A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-4877", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-4877",
"source": "security@openvpn.net" "source": "security@openvpn.net",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html", "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html",
"source": "security@openvpn.net" "source": "security@openvpn.net",
"tags": [
"Release Notes",
"Mailing List"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-55279", "id": "CVE-2024-55279",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-24T15:15:15.913", "published": "2025-03-24T15:15:15.913",
"lastModified": "2025-04-01T18:15:29.407", "lastModified": "2025-04-29T18:12:55.493",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,14 +51,39 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:uguu:uguu:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.8.9",
"matchCriteriaId": "4F7BA162-6B25-4A30-BC6D-FC50B3223375"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://codeberg.org/zypressen/CVE-2024-55279", "url": "https://codeberg.org/zypressen/CVE-2024-55279",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/nokonoko/Uguu/", "url": "https://github.com/nokonoko/Uguu/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2024-9053", "id": "CVE-2024-9053",
"sourceIdentifier": "security@huntr.dev", "sourceIdentifier": "security@huntr.dev",
"published": "2025-03-20T10:15:46.327", "published": "2025-03-20T10:15:46.327",
"lastModified": "2025-03-20T10:15:46.327", "lastModified": "2025-04-29T18:14:13.743",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security@huntr.dev", "source": "security@huntr.dev",
@ -49,12 +71,43 @@
"value": "CWE-78" "value": "CWE-78"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vllm-project:vllm:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C21B072B-4EBD-4D1A-B27A-62ED9D7D9170"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://huntr.com/bounties/75a544f3-34a3-4da0-b5a3-1495cb031e09", "url": "https://huntr.com/bounties/75a544f3-34a3-4da0-b5a3-1495cb031e09",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2025-0716", "id": "CVE-2025-0716",
"sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c", "sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"published": "2025-04-29T17:15:39.790", "published": "2025-04-29T17:15:39.790",
"lastModified": "2025-04-29T17:15:39.790", "lastModified": "2025-04-29T19:15:53.537",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [ "cveTags": [
{ {
@ -62,6 +62,14 @@
{ {
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-0716", "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-0716",
"source": "36c7be3b-2937-45df-85ea-ca7133ea542c" "source": "36c7be3b-2937-45df-85ea-ca7133ea542c"
},
{
"url": "https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
},
{
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-0716",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-1523", "id": "CVE-2025-1523",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2025-04-17T06:15:43.697", "published": "2025-04-17T06:15:43.697",
"lastModified": "2025-04-17T20:21:48.243", "lastModified": "2025-04-29T19:06:48.263",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,10 +39,44 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:davidvongries:ultimate_dashboard:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.8.6",
"matchCriteriaId": "4E4AA857-6F04-4A2A-ADE9-3D646A622C8C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/5a20768f-3128-4b0a-a06b-2247f3e02c99/", "url": "https://wpscan.com/vulnerability/5a20768f-3128-4b0a-a06b-2247f3e02c99/",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-1976", "id": "CVE-2025-1976",
"sourceIdentifier": "sirt@brocade.com", "sourceIdentifier": "sirt@brocade.com",
"published": "2025-04-24T03:15:14.820", "published": "2025-04-24T03:15:14.820",
"lastModified": "2025-04-29T13:52:47.470", "lastModified": "2025-04-29T19:49:59.680",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -59,6 +59,28 @@
"providerUrgency": "NOT_DEFINED" "providerUrgency": "NOT_DEFINED"
} }
} }
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
] ]
}, },
"cisaExploitAdd": "2025-04-28", "cisaExploitAdd": "2025-04-28",
@ -75,12 +97,44 @@
"value": "CWE-94" "value": "CWE-94"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "9.1.1d7",
"matchCriteriaId": "3ABCC4B4-A839-4988-B850-1788C4EF97D5"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602",
"source": "sirt@brocade.com" "source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-22031", "id": "CVE-2025-22031",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:55.710", "published": "2025-04-16T15:15:55.710",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T18:57:00.353",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI/bwctrl: Correcci\u00f3n de la desreferencia de puntero nulo al agotar el n\u00famero de bus. Cuando la BIOS no asigna n\u00fameros de bus a los puentes PCI, el kernel intenta corregirlo durante la enumeraci\u00f3n de dispositivos PCI. Si se agotan los n\u00fameros de bus, no se asigna ning\u00fan pci_bus y el puntero \"subordinado\" en el pci_dev del puente permanece nulo. El controlador de ancho de banda PCIe no busca err\u00f3neamente un puntero subordinado nulo y lo desreferencia al sondear. El control del ancho de banda de los dispositivos inutilizables debajo del puente es de dudosa utilidad, por lo que simplemente se genera un error. Esto refleja lo que hace PCIe hotplug desde el commit 62e4492c3063 (\"PCI: Evitar la desreferencia de puntero nulo durante el sondeo pciehp\"). El n\u00facleo PCI emite un mensaje con severidad KERN_INFO si se agotan los n\u00fameros de bus. PCIe hotplug emite un mensaje adicional con severidad KERN_ERR para informar al usuario que la funci\u00f3n hotplug est\u00e1 deshabilitada en el puente. Un mensaje similar para el control del ancho de banda no parece justificado, dado que su \u00fanico prop\u00f3sito hasta ahora es mostrar una velocidad de enlace actualizada en sysfs y limitarla en ciertas computadoras port\u00e1tiles con potencia de dise\u00f1o t\u00e9rmico limitada. Por lo tanto, el error se emite silenciosamente. Mensajes visibles para el usuario: pci 0000:16:02.0: configuraci\u00f3n de puente no v\u00e1lida ([bus 00-00]), reconfigurando [...] pci_bus 0000:45: busn_res: el extremo [bus 45-74] se actualiza a 74 pci 0000:16:02.0: los dispositivos detr\u00e1s del puente no se pueden usar porque no se puede asignar [bus 45-74] para ellos [...] pcieport 0000:16:02.0: pciehp: Puente hot-plug sin bus secundario, ignorando [...] 
ERROR: desreferencia de puntero NULL del kernel RIP: pcie_update_link_speed pcie_bwnotif_enable pcie_bwnotif_probe pcie_port_probe_service really_probe" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI/bwctrl: Correcci\u00f3n de la desreferencia de puntero nulo al agotar el n\u00famero de bus. Cuando la BIOS no asigna n\u00fameros de bus a los puentes PCI, el kernel intenta corregirlo durante la enumeraci\u00f3n de dispositivos PCI. Si se agotan los n\u00fameros de bus, no se asigna ning\u00fan pci_bus y el puntero \"subordinado\" en el pci_dev del puente permanece nulo. El controlador de ancho de banda PCIe no busca err\u00f3neamente un puntero subordinado nulo y lo desreferencia al sondear. El control del ancho de banda de los dispositivos inutilizables debajo del puente es de dudosa utilidad, por lo que simplemente se genera un error. Esto refleja lo que hace PCIe hotplug desde el commit 62e4492c3063 (\"PCI: Evitar la desreferencia de puntero nulo durante el sondeo pciehp\"). El n\u00facleo PCI emite un mensaje con severidad KERN_INFO si se agotan los n\u00fameros de bus. PCIe hotplug emite un mensaje adicional con severidad KERN_ERR para informar al usuario que la funci\u00f3n hotplug est\u00e1 deshabilitada en el puente. Un mensaje similar para el control del ancho de banda no parece justificado, dado que su \u00fanico prop\u00f3sito hasta ahora es mostrar una velocidad de enlace actualizada en sysfs y limitarla en ciertas computadoras port\u00e1tiles con potencia de dise\u00f1o t\u00e9rmico limitada. Por lo tanto, el error se emite silenciosamente. Mensajes visibles para el usuario: pci 0000:16:02.0: configuraci\u00f3n de puente no v\u00e1lida ([bus 00-00]), reconfigurando [...] pci_bus 0000:45: busn_res: el extremo [bus 45-74] se actualiza a 74 pci 0000:16:02.0: los dispositivos detr\u00e1s del puente no se pueden usar porque no se puede asignar [bus 45-74] para ellos [...] 
pcieport 0000:16:02.0: pciehp: Puente hot-plug sin bus secundario, ignorando [...] ERROR: desreferencia de puntero NULL del kernel RIP: pcie_update_link_speed pcie_bwnotif_enable pcie_bwnotif_probe pcie_port_probe_service really_probe"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.11",
"matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/1181924af78e5299ddec6e457789c02dd5966559", "url": "https://git.kernel.org/stable/c/1181924af78e5299ddec6e457789c02dd5966559",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/667f053b05f00a007738cd7ed6fa1901de19dc7e", "url": "https://git.kernel.org/stable/c/667f053b05f00a007738cd7ed6fa1901de19dc7e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/d93d309013e89631630a12b1770d27e4be78362a", "url": "https://git.kernel.org/stable/c/d93d309013e89631630a12b1770d27e4be78362a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-22032", "id": "CVE-2025-22032",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:55.823", "published": "2025-04-16T15:15:55.823",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T18:57:24.340",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mt76: mt7921: correcci\u00f3n de p\u00e1nico del kernel debido a la desreferencia de puntero nulo. Se solucion\u00f3 un p\u00e1nico del kernel causado por una desreferencia de puntero nulo en la funci\u00f3n `mt792x_rx_get_wcid`. El problema surge porque la estructura `deflink` no se inicializa correctamente con el contexto `sta`. Este parche garantiza que la estructura `deflink` est\u00e9 correctamente vinculada al contexto `sta`, lo que evita la desreferencia de puntero nulo. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000400 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 UID: 0 PID: 470 Comm: mt76-usb-rx phy No contaminado 6.12.13-gentoo-dist #1 Nombre del hardware: /AMD HUDSON-M1, BIOS 4.6.4 15/11/2011 RIP: 0010:mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib] RSP: 0018:ffffa147c055fd98 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff8e9ecb652000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8e9ecb652000 RBP: 0000000000000685 R08: ffff8e9ec6570000 R09: 000000000000000 R10: ffff8e9ecd2ca000 R11: ffff8e9f22a217c0 R12: 0000000038010119 R13: 0000000080843801 R14: ffff8e9ec6570000 R15: ffff8e9ecb652000 FS: 0000000000000000(0000) GS:ffff8e9f22a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000400 CR3: 000000000d2ea000 CR4: 00000000000006f0 Seguimiento de llamadas: ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2f0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib] mt7921_queue_rx_skb+0x1c6/0xaa0 [mt7921_common] mt76u_alloc_queues+0x784/0x810 [mt76_usb] ? 
__pfx___mt76_worker_fn+0x10/0x10 [mt76] __mt76_worker_fn+0x4f/0x80 [mt76] kthread+0xd2/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 ---[ fin de seguimiento 0000000000000000 ]---" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mt76: mt7921: correcci\u00f3n de p\u00e1nico del kernel debido a la desreferencia de puntero nulo. Se solucion\u00f3 un p\u00e1nico del kernel causado por una desreferencia de puntero nulo en la funci\u00f3n `mt792x_rx_get_wcid`. El problema surge porque la estructura `deflink` no se inicializa correctamente con el contexto `sta`. Este parche garantiza que la estructura `deflink` est\u00e9 correctamente vinculada al contexto `sta`, lo que evita la desreferencia de puntero nulo. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000400 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 UID: 0 PID: 470 Comm: mt76-usb-rx phy No contaminado 6.12.13-gentoo-dist #1 Nombre del hardware: /AMD HUDSON-M1, BIOS 4.6.4 15/11/2011 RIP: 0010:mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib] RSP: 0018:ffffa147c055fd98 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff8e9ecb652000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8e9ecb652000 RBP: 0000000000000685 R08: ffff8e9ec6570000 R09: 000000000000000 R10: ffff8e9ecd2ca000 R11: ffff8e9f22a217c0 R12: 0000000038010119 R13: 0000000080843801 R14: ffff8e9ec6570000 R15: ffff8e9ecb652000 FS: 0000000000000000(0000) GS:ffff8e9f22a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000400 CR3: 000000000d2ea000 CR4: 00000000000006f0 Seguimiento de llamadas: ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2f0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? 
asm_exc_page_fault+0x26/0x30 ? mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib] mt7921_queue_rx_skb+0x1c6/0xaa0 [mt7921_common] mt76u_alloc_queues+0x784/0x810 [mt76_usb] ? __pfx___mt76_worker_fn+0x10/0x10 [mt76] __mt76_worker_fn+0x4f/0x80 [mt76] kthread+0xd2/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 ---[ fin de seguimiento 0000000000000000 ]---"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12.13",
"versionEndExcluding": "6.12.23",
"matchCriteriaId": "84FFB34D-0456-4FA6-8C99-7208954FD3C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13.2",
"versionEndExcluding": "6.13.11",
"matchCriteriaId": "65ADC862-CEB2-4959-A2D4-7DAACFE00C8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/0cfea60966e4b1239d20bebf02258295e189e82a", "url": "https://git.kernel.org/stable/c/0cfea60966e4b1239d20bebf02258295e189e82a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/5a57f8eb2a17d469d65cd1186cea26b798221d4a", "url": "https://git.kernel.org/stable/c/5a57f8eb2a17d469d65cd1186cea26b798221d4a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/adc3fd2a2277b7cc0b61692463771bf9bd298036", "url": "https://git.kernel.org/stable/c/adc3fd2a2277b7cc0b61692463771bf9bd298036",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/effec50381991bc067acf4b3351a57831c74d27f", "url": "https://git.kernel.org/stable/c/effec50381991bc067acf4b3351a57831c74d27f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-22033", "id": "CVE-2025-22033",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:55.923", "published": "2025-04-16T15:15:55.923",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T18:57:42.940",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,131 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: No llamar a NULL en do_compat_alignment_fixup(). do_alignment_t32_to_handler() solo corrige errores de alineaci\u00f3n para instrucciones espec\u00edficas; devuelve NULL en caso contrario (por ejemplo, LDREX). En ese caso, se indica al emisor que debe continuar con la gesti\u00f3n normal de errores de alineaci\u00f3n (por ejemplo, SIGBUS). Sin este parche, el kernel entra en p\u00e1nico: No se puede gestionar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000000 Informaci\u00f3n de aborto de memoria: ESR = 0x0000000086000006 EC = 0x21: IABT (EL actual), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: error de traducci\u00f3n de nivel 2 usuario pgtable: 4k p\u00e1ginas, VAs de 48 bits, pgdp=00000800164aa000 [000000000000000] pgd=0800081fdbd22003, p4d=0800081fdbd22003, pud=08000815d51c6003, pmd=0000000000000000 Error interno: Ups: 0000000086000006 [#1] M\u00f3dulos SMP vinculados en: cfg80211 rfkill xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter veth nvme_fa> libcrc32c crc32c_generic raid0 multipath lineal dm_mod dax raid1 md_mod xhci_pci nvme xhci_hcd nvme_core t10_pi usbcore igb crc64_rocksoft crc64 crc_t10dif crct10dif_generic crct10dif_ce crct10dif_common usb_common i2c_algo_bit i2c> CPU: 2 PID: 3932954 Comm: WPEWebProcess No contaminado 6.1.0-31-arm64 #1 Debian 6.1.128-1 Nombre del hardware: GIGABYTE MP32-AR1-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : 0x0 lr: corregir la alineaci\u00f3n de compatibilidad+0xd8/0x3dc sp: ffff80000f973dd0 x29: ffff80000f973dd0 x28: ffff081b42526180 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 x23: 0000000000000004 x22: 0000000000000000 x21: 
0000000000000001 x20: 00000000e8551f00 x19: ffff80000f973eb0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 000000000000000 x9: ffffaebc949bc488 x8: 000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 00000000000400000 x4 : 0000ffffffffffffe x3 : 0000000000000000 x2 : ffff80000f973eb0 x1 : 00000000e8551f00 x0 : 0000000000000001 Rastreo de llamadas: 0x0 do_alignment_fault+0x40/0x50 do_mem_abort+0x4c/0xa0 el0_da+0x48/0xf0 el0t_32_sync_handler+0x110/0x140 el0t_32_sync+0x190/0x194 C\u00f3digo: valor de PC incorrecto ---[ fin de seguimiento 0000000000000000 ]---" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: No llamar a NULL en do_compat_alignment_fixup(). do_alignment_t32_to_handler() solo corrige errores de alineaci\u00f3n para instrucciones espec\u00edficas; devuelve NULL en caso contrario (por ejemplo, LDREX). En ese caso, se indica al emisor que debe continuar con la gesti\u00f3n normal de errores de alineaci\u00f3n (por ejemplo, SIGBUS). 
Sin este parche, el kernel entra en p\u00e1nico: No se puede gestionar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000000 Informaci\u00f3n de aborto de memoria: ESR = 0x0000000086000006 EC = 0x21: IABT (EL actual), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: error de traducci\u00f3n de nivel 2 usuario pgtable: 4k p\u00e1ginas, VAs de 48 bits, pgdp=00000800164aa000 [000000000000000] pgd=0800081fdbd22003, p4d=0800081fdbd22003, pud=08000815d51c6003, pmd=0000000000000000 Error interno: Ups: 0000000086000006 [#1] M\u00f3dulos SMP vinculados en: cfg80211 rfkill xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter veth nvme_fa> libcrc32c crc32c_generic raid0 multipath lineal dm_mod dax raid1 md_mod xhci_pci nvme xhci_hcd nvme_core t10_pi usbcore igb crc64_rocksoft crc64 crc_t10dif crct10dif_generic crct10dif_ce crct10dif_common usb_common i2c_algo_bit i2c> CPU: 2 PID: 3932954 Comm: WPEWebProcess No contaminado 6.1.0-31-arm64 #1 Debian 6.1.128-1 Nombre del hardware: GIGABYTE MP32-AR1-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : 0x0 lr: corregir la alineaci\u00f3n de compatibilidad+0xd8/0x3dc sp: ffff80000f973dd0 x29: ffff80000f973dd0 x28: ffff081b42526180 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 x23: 0000000000000004 x22: 0000000000000000 x21: 0000000000000001 x20: 00000000e8551f00 x19: ffff80000f973eb0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 000000000000000 x9: ffffaebc949bc488 x8: 000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 00000000000400000 x4 : 0000ffffffffffffe x3 : 0000000000000000 x2 : 
ffff80000f973eb0 x1 : 00000000e8551f00 x0 : 0000000000000001 Rastreo de llamadas: 0x0 do_alignment_fault+0x40/0x50 do_mem_abort+0x4c/0xa0 el0_da+0x48/0xf0 el0t_32_sync_handler+0x110/0x140 el0t_32_sync+0x190/0x194 C\u00f3digo: valor de PC incorrecto ---[ fin de seguimiento 0000000000000000 ]---"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndExcluding": "6.1.134",
"matchCriteriaId": "10FAA32F-8D33-4A36-8482-01961DD84A84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.87",
"matchCriteriaId": "EFF24260-49B1-4251-9477-C564CFDAD25B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.23",
"matchCriteriaId": "26CAB76D-F00F-43CE-BEAD-7097F8FB1D6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.11",
"matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/2df8ee605eb6806cd41c2095306db05206633a08", "url": "https://git.kernel.org/stable/c/2df8ee605eb6806cd41c2095306db05206633a08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/617a4b0084a547917669fef2b54253cc9c064990", "url": "https://git.kernel.org/stable/c/617a4b0084a547917669fef2b54253cc9c064990",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/c28f31deeacda307acfee2f18c0ad904e5123aac", "url": "https://git.kernel.org/stable/c/c28f31deeacda307acfee2f18c0ad904e5123aac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/cf187601053ecaf671ae645edb898901f81d03e9", "url": "https://git.kernel.org/stable/c/cf187601053ecaf671ae645edb898901f81d03e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ecf798573bbe0805803f7764e12a34b4bcc65074", "url": "https://git.kernel.org/stable/c/ecf798573bbe0805803f7764e12a34b4bcc65074",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/fa2a9f625f185c6acb4ee5be8d71359a567afac9", "url": "https://git.kernel.org/stable/c/fa2a9f625f185c6acb4ee5be8d71359a567afac9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-22036", "id": "CVE-2025-22036",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:56.217", "published": "2025-04-16T15:15:56.217",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T18:58:37.880",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,23 +15,107 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: exfat: corrige la corrupci\u00f3n de pila aleatoria despu\u00e9s de get_block Cuando se llama a get_block con un buffer_head asignado en la pila, como do_mpage_readpage, puede ocurrir una corrupci\u00f3n de pila debido a buffer_head UAF en la siguiente situaci\u00f3n de condici\u00f3n de ejecuci\u00f3n. mpage_read_folio <> do_mpage_readpage exfat_get_block bh_read __bh_read get_bh(bh) submit_bh wait_on_buffer ... end_buffer_read_sync __end_buffer_read_notouch unlock_buffer <> ... ... ... ... <> . . another_function <> put_bh(bh) atomic_dec(bh->b_count) * Corrupci\u00f3n de pila aqu\u00ed * Este parche devuelve -EAGAIN si un folio no tiene b\u00faferes cuando se necesita llamar a bh_read. De esta manera, quien lo llama puede recurrir a funciones como block_read_full_folio(), crear un buffer_head en el folio y luego volver a llamar a get_block. No llamemos a bh_read() con buffer_head en la pila." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: exfat: corrige la corrupci\u00f3n de pila aleatoria despu\u00e9s de get_block Cuando se llama a get_block con un buffer_head asignado en la pila, como do_mpage_readpage, puede ocurrir una corrupci\u00f3n de pila debido a buffer_head UAF en la siguiente situaci\u00f3n de condici\u00f3n de ejecuci\u00f3n. mpage_read_folio <> do_mpage_readpage exfat_get_block bh_read __bh_read get_bh(bh) submit_bh wait_on_buffer ... end_buffer_read_sync __end_buffer_read_notouch unlock_buffer <> ... ... ... ... <> . . another_function <> put_bh(bh) atomic_dec(bh->b_count) * Corrupci\u00f3n de pila aqu\u00ed * Este parche devuelve -EAGAIN si un folio no tiene b\u00faferes cuando se necesita llamar a bh_read. De esta manera, quien lo llama puede recurrir a funciones como block_read_full_folio(), crear un buffer_head en el folio y luego volver a llamar a get_block. No llamemos a bh_read() con buffer_head en la pila."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.12.23",
"matchCriteriaId": "70C1AA27-E71C-467A-AB28-979034C2B6CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.11",
"matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/1bb7ff4204b6d4927e982cd256286c09ed4fd8ca", "url": "https://git.kernel.org/stable/c/1bb7ff4204b6d4927e982cd256286c09ed4fd8ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/49b0a6ab8e528a0c1c50e37cef9b9c7c121365f2", "url": "https://git.kernel.org/stable/c/49b0a6ab8e528a0c1c50e37cef9b9c7c121365f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/f7447286363dc1e410bf30b87d75168f3519f9cc", "url": "https://git.kernel.org/stable/c/f7447286363dc1e410bf30b87d75168f3519f9cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/f807a6bf2005740fa26b4f59c4a003dc966b9afd", "url": "https://git.kernel.org/stable/c/f807a6bf2005740fa26b4f59c4a003dc966b9afd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-22037", "id": "CVE-2025-22037",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:56.310", "published": "2025-04-16T15:15:56.310",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T19:03:20.673",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,23 +15,102 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: se corrige la desreferencia de puntero nulo en alloc_preauth_hash(). El cliente env\u00eda una solicitud de negociaci\u00f3n de SMB2 mal formada. ksmbd devuelve una respuesta de error. Posteriormente, el cliente puede enviar la configuraci\u00f3n de sesi\u00f3n de SMB2 incluso si conn->preauth_info no est\u00e1 asignado. Este parche a\u00f1ade el estado de conexi\u00f3n KSMBD_SESS_NEED_SETUP para ignorar la solicitud de configuraci\u00f3n de sesi\u00f3n si la fase de negociaci\u00f3n de SMB2 no se completa." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: se corrige la desreferencia de puntero nulo en alloc_preauth_hash(). El cliente env\u00eda una solicitud de negociaci\u00f3n de SMB2 mal formada. ksmbd devuelve una respuesta de error. Posteriormente, el cliente puede enviar la configuraci\u00f3n de sesi\u00f3n de SMB2 incluso si conn->preauth_info no est\u00e1 asignado. Este parche a\u00f1ade el estado de conexi\u00f3n KSMBD_SESS_NEED_SETUP para ignorar la solicitud de configuraci\u00f3n de sesi\u00f3n si la fase de negociaci\u00f3n de SMB2 no se completa."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.23",
"matchCriteriaId": "17B5E5A5-D687-44D7-9EFF-19633C9746A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.11",
"matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/8f216b33a5e1b3489c073b1ea1b3d7cb63c8dc4d", "url": "https://git.kernel.org/stable/c/8f216b33a5e1b3489c073b1ea1b3d7cb63c8dc4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b8eb243e670ecf30e91524dd12f7260dac07d335", "url": "https://git.kernel.org/stable/c/b8eb243e670ecf30e91524dd12f7260dac07d335",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780", "url": "https://git.kernel.org/stable/c/c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad", "url": "https://git.kernel.org/stable/c/ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-22038", "id": "CVE-2025-22038",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:56.400", "published": "2025-04-16T15:15:56.400",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T19:04:21.897",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,130 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: validar num_subauth a cero antes de acceder a sub_auth. Acceder a psid->sub_auth[psid->num_subauth - 1] sin comprobar si num_subauth es distinto de cero provoca una lectura fuera de los l\u00edmites. Este parche a\u00f1ade un paso de validaci\u00f3n para garantizar que num_subauth sea != 0 antes de acceder a sub_auth." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: validar num_subauth a cero antes de acceder a sub_auth. Acceder a psid->sub_auth[psid->num_subauth - 1] sin comprobar si num_subauth es distinto de cero provoca una lectura fuera de los l\u00edmites. Este parche a\u00f1ade un paso de validaci\u00f3n para garantizar que num_subauth sea != 0 antes de acceder a sub_auth."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.134",
"matchCriteriaId": "2EFC4C26-A1CE-49FA-98FE-0CF323672E9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.87",
"matchCriteriaId": "EFF24260-49B1-4251-9477-C564CFDAD25B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.23",
"matchCriteriaId": "26CAB76D-F00F-43CE-BEAD-7097F8FB1D6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.11",
"matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/0e36a3e080d6d8bd7a34e089345d043da4ac8283", "url": "https://git.kernel.org/stable/c/0e36a3e080d6d8bd7a34e089345d043da4ac8283",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3ac65de111c686c95316ade660f8ba7aea3cd3cc", "url": "https://git.kernel.org/stable/c/3ac65de111c686c95316ade660f8ba7aea3cd3cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/56de7778a48560278c334077ace7b9ac4bfb2fd1", "url": "https://git.kernel.org/stable/c/56de7778a48560278c334077ace7b9ac4bfb2fd1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/68c6c3142bfcdb049839d40a9a59ebe8ea865002", "url": "https://git.kernel.org/stable/c/68c6c3142bfcdb049839d40a9a59ebe8ea865002",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/bf21e29d78cd2c2371023953d9c82dfef82ebb36", "url": "https://git.kernel.org/stable/c/bf21e29d78cd2c2371023953d9c82dfef82ebb36",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/c8bfe1954a0b89e7b29b3a3e7f4c5e0ebd295e20", "url": "https://git.kernel.org/stable/c/c8bfe1954a0b89e7b29b3a3e7f4c5e0ebd295e20",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-22051", "id": "CVE-2025-22051",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:58.547", "published": "2025-04-16T15:15:58.547",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T19:03:46.900",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: gpib: Se corrige el error \"Oops\" tras la desconexi\u00f3n en USB de Agilent. Si se desconecta la llave USB de Agilent, las llamadas posteriores al controlador provocan una desreferencia \"Oops\" nula, ya que bus_interface se establece en nulo al desconectarse. Este problema se origin\u00f3 al configurar \"usb_dev\" desde bus_interface para los mensajes \"dev_xxx\". Anteriormente, bus_interface solo se verificaba para detectar valores nulos en las funciones que invocaban directamente usb_fill_bulk_urb o usb_control_msg. Compruebe que bus_interface sea v\u00e1lido en todos los puntos de entrada de la interfaz y devuelva -ENODEV si es nulo." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: gpib: Se corrige el error \"Oops\" tras la desconexi\u00f3n en USB de Agilent. Si se desconecta la llave USB de Agilent, las llamadas posteriores al controlador provocan una desreferencia \"Oops\" nula, ya que bus_interface se establece en nulo al desconectarse. Este problema se origin\u00f3 al configurar \"usb_dev\" desde bus_interface para los mensajes \"dev_xxx\". Anteriormente, bus_interface solo se verificaba para detectar valores nulos en las funciones que invocaban directamente usb_fill_bulk_urb o usb_control_msg. Compruebe que bus_interface sea v\u00e1lido en todos los puntos de entrada de la interfaz y devuelva -ENODEV si es nulo."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.11",
"matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/50ef6e45bec79da4c5a01fad4dc23466ba255099", "url": "https://git.kernel.org/stable/c/50ef6e45bec79da4c5a01fad4dc23466ba255099",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/8491e73a5223acb0a4b4d78c3f8b96aa9c5e774d", "url": "https://git.kernel.org/stable/c/8491e73a5223acb0a4b4d78c3f8b96aa9c5e774d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/e88633705078f40391a9afc6cc8ea3025e6f692b", "url": "https://git.kernel.org/stable/c/e88633705078f40391a9afc6cc8ea3025e6f692b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-22052", "id": "CVE-2025-22052",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:58.650", "published": "2025-04-16T15:15:58.650",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T18:50:16.490",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: gpib: Se corrige el error \"Oops\" tras la desconexi\u00f3n en ni_usb. Si la llave USB se desconecta, las llamadas posteriores al controlador provocan una desreferencia \"Oops\" a NULL, ya que bus_interface se establece en NULL al desconectarse. Este problema se introdujo al configurar \"usb_dev\" desde bus_interface para los mensajes \"dev_xxx\". Anteriormente, bus_interface solo se verificaba para NULL en las funciones que llamaban directamente a usb_fill_bulk_urb o usb_control_msg. Compruebe si bus_interface es v\u00e1lido en todos los puntos de entrada de la interfaz y devuelva -ENODEV si es NULL." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: gpib: Se corrige el error \"Oops\" tras la desconexi\u00f3n en ni_usb. Si la llave USB se desconecta, las llamadas posteriores al controlador provocan una desreferencia \"Oops\" a NULL, ya que bus_interface se establece en NULL al desconectarse. Este problema se introdujo al configurar \"usb_dev\" desde bus_interface para los mensajes \"dev_xxx\". Anteriormente, bus_interface solo se verificaba para NULL en las funciones que llamaban directamente a usb_fill_bulk_urb o usb_control_msg. Compruebe si bus_interface es v\u00e1lido en todos los puntos de entrada de la interfaz y devuelva -ENODEV si es NULL."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.11",
"matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/5dc98ba6f7304c188b267ef481281849638447bf", "url": "https://git.kernel.org/stable/c/5dc98ba6f7304c188b267ef481281849638447bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a239c6e91b665f1837cf57b97fe638ef1baf2e78", "url": "https://git.kernel.org/stable/c/a239c6e91b665f1837cf57b97fe638ef1baf2e78",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b2d8d7959077c5d4b11d0dc6bd2167791fd1c72e", "url": "https://git.kernel.org/stable/c/b2d8d7959077c5d4b11d0dc6bd2167791fd1c72e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-22054", "id": "CVE-2025-22054",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:58.877", "published": "2025-04-16T15:15:58.877",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T18:50:38.753",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,43 +15,180 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arcnet: Se ha a\u00f1adido una comprobaci\u00f3n de valores NULL en com20020pci_probe(). Devm_kasprintf() devuelve NULL cuando falla la asignaci\u00f3n de memoria. Actualmente, com20020pci_probe() no realiza la comprobaci\u00f3n en este caso, lo que provoca una desreferencia de puntero NULL. Se ha a\u00f1adido una comprobaci\u00f3n de valores NULL despu\u00e9s de devm_kasprintf() para evitar este problema y garantizar que no queden recursos asignados." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arcnet: Se ha a\u00f1adido una comprobaci\u00f3n de valores NULL en com20020pci_probe(). Devm_kasprintf() devuelve NULL cuando falla la asignaci\u00f3n de memoria. Actualmente, com20020pci_probe() no realiza la comprobaci\u00f3n en este caso, lo que provoca una desreferencia de puntero NULL. Se ha a\u00f1adido una comprobaci\u00f3n de valores NULL despu\u00e9s de devm_kasprintf() para evitar este problema y garantizar que no queden recursos asignados."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.302",
"versionEndExcluding": "4.20",
"matchCriteriaId": "2AB35967-8241-4BF5-B781-B331B439E208"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.264",
"versionEndExcluding": "5.4.292",
"matchCriteriaId": "466839A4-3C33-47A2-B10A-2E6458F6402B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.204",
"versionEndExcluding": "5.10.236",
"matchCriteriaId": "6D92647B-3F46-4C6E-AF9A-2CF8EB5481CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.143",
"versionEndExcluding": "5.15.180",
"matchCriteriaId": "2B613361-61A7-44A1-A33A-16F2CAE3FC63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.68",
"versionEndExcluding": "6.1.134",
"matchCriteriaId": "A47C1E9A-84FB-4B9B-8BD3-A68A56324DC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.7",
"versionEndExcluding": "6.6.87",
"matchCriteriaId": "2C5C554F-6530-44F2-9591-63A8A54CAF02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.23",
"matchCriteriaId": "26CAB76D-F00F-43CE-BEAD-7097F8FB1D6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.11",
"matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/661cf5d102949898c931e81fd4e1c773afcdeafa", "url": "https://git.kernel.org/stable/c/661cf5d102949898c931e81fd4e1c773afcdeafa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/887226163504494ea7e58033a97c2d2ab12e05d4", "url": "https://git.kernel.org/stable/c/887226163504494ea7e58033a97c2d2ab12e05d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/905a34dc1ad9a53a8aaaf8a759ea5dbaaa30418d", "url": "https://git.kernel.org/stable/c/905a34dc1ad9a53a8aaaf8a759ea5dbaaa30418d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a654f31b33515d39bb56c75fd8b26bef025ced7e", "url": "https://git.kernel.org/stable/c/a654f31b33515d39bb56c75fd8b26bef025ced7e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/be8a0decd0b59a52a07276f9ef3b33ef820b2179", "url": "https://git.kernel.org/stable/c/be8a0decd0b59a52a07276f9ef3b33ef820b2179",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ebebeb58d48e25525fa654f2c53a24713fe141c3", "url": "https://git.kernel.org/stable/c/ebebeb58d48e25525fa654f2c53a24713fe141c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ececf8eff6c25acc239fa8f0fd837c76bc770547", "url": "https://git.kernel.org/stable/c/ececf8eff6c25acc239fa8f0fd837c76bc770547",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ef8b29398ea6061ac8257f3e45c9be45cc004ce2", "url": "https://git.kernel.org/stable/c/ef8b29398ea6061ac8257f3e45c9be45cc004ce2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/fda8c491db2a90ff3e6fbbae58e495b4ddddeca3", "url": "https://git.kernel.org/stable/c/fda8c491db2a90ff3e6fbbae58e495b4ddddeca3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-22056", "id": "CVE-2025-22056",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:59.087", "published": "2025-04-16T15:15:59.087",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T18:51:14.047",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_tunnel: correcci\u00f3n de la adici\u00f3n por confusi\u00f3n de tipos en geneve_opt. Al gestionar varios atributos NFTA_TUNNEL_KEY_OPTS_GENEVE, la l\u00f3gica de an\u00e1lisis deber\u00eda colocar cada estructura geneve_opt una a una de forma compacta. Por lo tanto, al determinar la siguiente posici\u00f3n de geneve_opt, la adici\u00f3n del puntero deber\u00eda realizarse en unidades de char *. Sin embargo, la implementaci\u00f3n actual realiza err\u00f3neamente la conversi\u00f3n de tipos antes de la adici\u00f3n, lo que provoca escrituras fuera de los l\u00edmites en el mont\u00edculo. [ 6.989857] ======================================================================= [ 6.990293] ERROR: KASAN: slab-out-of-bounds in nft_tunnel_obj_init+0x977/0xa70 [ 6.990725] Write of size 124 at addr ffff888005f18974 by task poc/178 [ 6.991162] [ 6.991259] CPU: 0 PID: 178 Comm: poc-oob-write Not tainted 6.1.132 #1 [ 6.991655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 [ 6.992281] Call Trace: [ 6.992423] [ 6.992586] dump_stack_lvl+0x44/0x5c [ 6.992801] print_report+0x184/0x4be [ 6.993790] kasan_report+0xc5/0x100 [ 6.994252] kasan_check_range+0xf3/0x1a0 [ 6.994486] memcpy+0x38/0x60 [ 6.994692] nft_tunnel_obj_init+0x977/0xa70 [ 6.995677] nft_obj_init+0x10c/0x1b0 [ 6.995891] nf_tables_newobj+0x585/0x950 [ 6.996922] nfnetlink_rcv_batch+0xdf9/0x1020 [ 6.998997] nfnetlink_rcv+0x1df/0x220 [ 6.999537] netlink_unicast+0x395/0x530 [ 7.000771] netlink_sendmsg+0x3d0/0x6d0 [ 7.001462] __sock_sendmsg+0x99/0xa0 [ 7.001707] ____sys_sendmsg+0x409/0x450 [ 7.002391] ___sys_sendmsg+0xfd/0x170 [ 7.003145] __sys_sendmsg+0xea/0x170 [ 7.004359] do_syscall_64+0x5e/0x90 [ 7.005817] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 7.006127] RIP: 0033:0x7ec756d4e407 [ 7.006339] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 
74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf [ 7.007364] RSP: 002b:00007ffed5d46760 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 7.007827] RAX: ffffffffffffffda RBX: 00007ec756cc4740 RCX: 00007ec756d4e407 [ 7.008223] RDX: 0000000000000000 RSI: 00007ffed5d467f0 RDI: 0000000000000003 [ 7.008620] RBP: 00007ffed5d468a0 R08: 0000000000000000 R09: 0000000000000000 [ 7.009039] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 7.009429] R13: 00007ffed5d478b0 R14: 00007ec756ee5000 R15: 00005cbd4e655cb8 Corrija este error con la correcta adici\u00f3n y conversi\u00f3n de punteros en el c\u00f3digo de an\u00e1lisis y volcado." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_tunnel: correcci\u00f3n de la adici\u00f3n por confusi\u00f3n de tipos en geneve_opt. Al gestionar varios atributos NFTA_TUNNEL_KEY_OPTS_GENEVE, la l\u00f3gica de an\u00e1lisis deber\u00eda colocar cada estructura geneve_opt una a una de forma compacta. Por lo tanto, al determinar la siguiente posici\u00f3n de geneve_opt, la adici\u00f3n del puntero deber\u00eda realizarse en unidades de char *. Sin embargo, la implementaci\u00f3n actual realiza err\u00f3neamente la conversi\u00f3n de tipos antes de la adici\u00f3n, lo que provoca escrituras fuera de los l\u00edmites en el mont\u00edculo. 
[ 6.989857] ======================================================================= [ 6.990293] ERROR: KASAN: slab-out-of-bounds in nft_tunnel_obj_init+0x977/0xa70 [ 6.990725] Write of size 124 at addr ffff888005f18974 by task poc/178 [ 6.991162] [ 6.991259] CPU: 0 PID: 178 Comm: poc-oob-write Not tainted 6.1.132 #1 [ 6.991655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 [ 6.992281] Call Trace: [ 6.992423] [ 6.992586] dump_stack_lvl+0x44/0x5c [ 6.992801] print_report+0x184/0x4be [ 6.993790] kasan_report+0xc5/0x100 [ 6.994252] kasan_check_range+0xf3/0x1a0 [ 6.994486] memcpy+0x38/0x60 [ 6.994692] nft_tunnel_obj_init+0x977/0xa70 [ 6.995677] nft_obj_init+0x10c/0x1b0 [ 6.995891] nf_tables_newobj+0x585/0x950 [ 6.996922] nfnetlink_rcv_batch+0xdf9/0x1020 [ 6.998997] nfnetlink_rcv+0x1df/0x220 [ 6.999537] netlink_unicast+0x395/0x530 [ 7.000771] netlink_sendmsg+0x3d0/0x6d0 [ 7.001462] __sock_sendmsg+0x99/0xa0 [ 7.001707] ____sys_sendmsg+0x409/0x450 [ 7.002391] ___sys_sendmsg+0xfd/0x170 [ 7.003145] __sys_sendmsg+0xea/0x170 [ 7.004359] do_syscall_64+0x5e/0x90 [ 7.005817] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 7.006127] RIP: 0033:0x7ec756d4e407 [ 7.006339] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf [ 7.007364] RSP: 002b:00007ffed5d46760 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 7.007827] RAX: ffffffffffffffda RBX: 00007ec756cc4740 RCX: 00007ec756d4e407 [ 7.008223] RDX: 0000000000000000 RSI: 00007ffed5d467f0 RDI: 0000000000000003 [ 7.008620] RBP: 00007ffed5d468a0 R08: 0000000000000000 R09: 0000000000000000 [ 7.009039] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 7.009429] R13: 00007ffed5d478b0 R14: 00007ec756ee5000 R15: 00005cbd4e655cb8 Corrija este error con la correcta adici\u00f3n y conversi\u00f3n de punteros en el c\u00f3digo de an\u00e1lisis 
y volcado."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7",
"versionEndExcluding": "5.10.236",
"matchCriteriaId": "1F9686CC-6114-42BE-BA92-079AFF3783A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.180",
"matchCriteriaId": "D19801C8-3D18-405D-9989-E6C9B30255FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.134",
"matchCriteriaId": "3985DEC3-0437-4177-BC42-314AB575285A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.87",
"matchCriteriaId": "EFF24260-49B1-4251-9477-C564CFDAD25B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.23",
"matchCriteriaId": "26CAB76D-F00F-43CE-BEAD-7097F8FB1D6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.11",
"matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/0a93a710d6df334b828ea064c6d39fda34f901dc", "url": "https://git.kernel.org/stable/c/0a93a710d6df334b828ea064c6d39fda34f901dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/1b755d8eb1ace3870789d48fbd94f386ad6e30be", "url": "https://git.kernel.org/stable/c/1b755d8eb1ace3870789d48fbd94f386ad6e30be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/28d88ee1e1cc8ac2d79aeb112717b97c5c833d43", "url": "https://git.kernel.org/stable/c/28d88ee1e1cc8ac2d79aeb112717b97c5c833d43",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/31d49eb436f2da61280508d7adf8c9b473b967aa", "url": "https://git.kernel.org/stable/c/31d49eb436f2da61280508d7adf8c9b473b967aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/446d94898c560ed2f61e26ae445858a4c4830762", "url": "https://git.kernel.org/stable/c/446d94898c560ed2f61e26ae445858a4c4830762",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/708e268acb3a446ad2a8a3d2e9bd41cc23660cd6", "url": "https://git.kernel.org/stable/c/708e268acb3a446ad2a8a3d2e9bd41cc23660cd6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a263d31c8c92e5919d41af57d9479cfb66323782", "url": "https://git.kernel.org/stable/c/a263d31c8c92e5919d41af57d9479cfb66323782",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ca2adfc03cd6273f0b589fe65afc6f75e0fe116e", "url": "https://git.kernel.org/stable/c/ca2adfc03cd6273f0b589fe65afc6f75e0fe116e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-22063", "id": "CVE-2025-22063",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:59.777", "published": "2025-04-16T15:15:59.777",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T18:51:32.240",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,43 +15,173 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netlabel: Se corrige la excepci\u00f3n de puntero nulo causada por CALIPSO en sockets IPv4. Al llamar a netlbl_conn_setattr(), se utiliza addr->sa_family para determinar el comportamiento de la funci\u00f3n. Si sk es un socket IPv4, pero se llama a la funci\u00f3n connect con una direcci\u00f3n IPv6, se activa la funci\u00f3n calipso_sock_setattr(). Dentro de esta funci\u00f3n, se ejecuta el siguiente c\u00f3digo: sk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL; Dado que sk es un socket IPv4, pinet6 es NULL, lo que provoca una desreferencia de puntero nulo. Este parche corrige el problema comprobando si inet6_sk(sk) devuelve un puntero nulo antes de acceder a pinet6." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netlabel: Se corrige la excepci\u00f3n de puntero nulo causada por CALIPSO en sockets IPv4. Al llamar a netlbl_conn_setattr(), se utiliza addr->sa_family para determinar el comportamiento de la funci\u00f3n. Si sk es un socket IPv4, pero se llama a la funci\u00f3n connect con una direcci\u00f3n IPv6, se activa la funci\u00f3n calipso_sock_setattr(). Dentro de esta funci\u00f3n, se ejecuta el siguiente c\u00f3digo: sk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL; Dado que sk es un socket IPv4, pinet6 es NULL, lo que provoca una desreferencia de puntero nulo. Este parche corrige el problema comprobando si inet6_sk(sk) devuelve un puntero nulo antes de acceder a pinet6."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.8",
"versionEndExcluding": "5.4.292",
"matchCriteriaId": "32BA1759-052A-44B8-BE23-8F8840600FA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.236",
"matchCriteriaId": "1DF46FB0-9163-4ABE-8CCA-32A497D4715B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.180",
"matchCriteriaId": "D19801C8-3D18-405D-9989-E6C9B30255FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.134",
"matchCriteriaId": "3985DEC3-0437-4177-BC42-314AB575285A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.87",
"matchCriteriaId": "EFF24260-49B1-4251-9477-C564CFDAD25B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.23",
"matchCriteriaId": "26CAB76D-F00F-43CE-BEAD-7097F8FB1D6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.11",
"matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/078aabd567de3d63d37d7673f714e309d369e6e2", "url": "https://git.kernel.org/stable/c/078aabd567de3d63d37d7673f714e309d369e6e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/172a8a996a337206970467e871dd995ac07640b1", "url": "https://git.kernel.org/stable/c/172a8a996a337206970467e871dd995ac07640b1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/1927d0bcd5b81e80971bf6b8eba267508bd1c78b", "url": "https://git.kernel.org/stable/c/1927d0bcd5b81e80971bf6b8eba267508bd1c78b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/1ad9166cab6a0f5c0b10344a97bdf749ae11dcbf", "url": "https://git.kernel.org/stable/c/1ad9166cab6a0f5c0b10344a97bdf749ae11dcbf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/1e38f7a6cdd68377f8a4189b2fbaec14a6dd5152", "url": "https://git.kernel.org/stable/c/1e38f7a6cdd68377f8a4189b2fbaec14a6dd5152",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3ba9cf69de50e8abed32b448616c313baa4c5712", "url": "https://git.kernel.org/stable/c/3ba9cf69de50e8abed32b448616c313baa4c5712",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/797e5371cf55463b4530bab3fef5f27f7c6657a8", "url": "https://git.kernel.org/stable/c/797e5371cf55463b4530bab3fef5f27f7c6657a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/9fe3839588db7519030377b7dee3f165e654f6c5", "url": "https://git.kernel.org/stable/c/9fe3839588db7519030377b7dee3f165e654f6c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a7e89541d05b98c79a51c0f95df020f8e82b62ed", "url": "https://git.kernel.org/stable/c/a7e89541d05b98c79a51c0f95df020f8e82b62ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-2279", "id": "CVE-2025-2279",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2025-04-04T06:15:40.757", "published": "2025-04-04T06:15:40.757",
"lastModified": "2025-04-07T14:18:15.560", "lastModified": "2025-04-29T19:42:04.570",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,10 +39,44 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:robosoft:maps:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.6",
"matchCriteriaId": "4CDF96FD-A415-4D31-AC49-D0BE3EE15099"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/cd87d7ba-86e9-45b6-a3cd-11f6486f0bd0/", "url": "https://wpscan.com/vulnerability/cd87d7ba-86e9-45b6-a3cd-11f6486f0bd0/",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-23134", "id": "CVE-2025-23134",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:16:07.797", "published": "2025-04-16T15:16:07.797",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T18:51:59.833",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: temporizador: No se utiliza register_mutex con copy_from/to_user(). El infame bloqueo mmap utilizado en copy_from/to_user() puede ser problem\u00e1tico cuando se invoca dentro de otro mutex, ya que podr\u00eda provocar interbloqueos. En el caso del c\u00f3digo del temporizador ALSA, el patr\u00f3n incorrecto se encuentra en guard(mutex)(&register_mutex) que cubre copy_from/to_user(), que se introdujo por error al convertir a guard() y que ya se hab\u00eda solucionado cuidadosamente en el pasado. Este parche corrige estos problemas simplemente sacando copy_from/to_user() del bloqueo mutex de registro." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: temporizador: No se utiliza register_mutex con copy_from/to_user(). El infame bloqueo mmap utilizado en copy_from/to_user() puede ser problem\u00e1tico cuando se invoca dentro de otro mutex, ya que podr\u00eda provocar interbloqueos. En el caso del c\u00f3digo del temporizador ALSA, el patr\u00f3n incorrecto se encuentra en guard(mutex)(&register_mutex) que cubre copy_from/to_user(), que se introdujo por error al convertir a guard() y que ya se hab\u00eda solucionado cuidadosamente en el pasado. Este parche corrige estos problemas simplemente sacando copy_from/to_user() del bloqueo mutex de registro."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.12.23",
"matchCriteriaId": "10F3EB18-ACA3-4775-AC8D-C1CC227D2763"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.11",
"matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/15291b561d8cc835a2eea76b394070cf8e072771", "url": "https://git.kernel.org/stable/c/15291b561d8cc835a2eea76b394070cf8e072771",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/296f7a9e15aab276db11206cbc1e2ae1215d7862", "url": "https://git.kernel.org/stable/c/296f7a9e15aab276db11206cbc1e2ae1215d7862",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3424c8f53bc63c87712a7fc22dc13d0cc85fb0d6", "url": "https://git.kernel.org/stable/c/3424c8f53bc63c87712a7fc22dc13d0cc85fb0d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b074f47e55df93832bbbca1b524c501e6fea1c0d", "url": "https://git.kernel.org/stable/c/b074f47e55df93832bbbca1b524c501e6fea1c0d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-23136", "id": "CVE-2025-23136",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:16:07.970", "published": "2025-04-16T15:16:07.970",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T18:53:02.607",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,43 +15,173 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: t\u00e9rmica: int340x: A\u00f1adir comprobaci\u00f3n de valores nulos para adev. No todos los dispositivos tienen un nodo auxiliar ACPI, por lo que adev podr\u00eda ser nulo. Esto es similar a el commit cd2fd6eab480 (\"plataforma/x86: int3472: Comprobar si adev == NULL\"). A\u00f1adir una comprobaci\u00f3n para comprobar si adev no est\u00e1 configurado y devolver -ENODEV en ese caso para evitar una posible desreferencia de puntero nulo en int3402_thermal_probe(). Cabe destacar que, en el mismo directorio, int3400_thermal_probe() cuenta con dicha comprobaci\u00f3n. [rjw: Edici\u00f3n del tema, correcciones a\u00f1adidas]" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: t\u00e9rmica: int340x: A\u00f1adir comprobaci\u00f3n de valores nulos para adev. No todos los dispositivos tienen un nodo auxiliar ACPI, por lo que adev podr\u00eda ser nulo. Esto es similar a el commit cd2fd6eab480 (\"plataforma/x86: int3472: Comprobar si adev == NULL\"). A\u00f1adir una comprobaci\u00f3n para comprobar si adev no est\u00e1 configurado y devolver -ENODEV en ese caso para evitar una posible desreferencia de puntero nulo en int3402_thermal_probe(). Cabe destacar que, en el mismo directorio, int3400_thermal_probe() cuenta con dicha comprobaci\u00f3n. [rjw: Edici\u00f3n del tema, correcciones a\u00f1adidas]"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18",
"versionEndExcluding": "5.4.292",
"matchCriteriaId": "32214D12-FD5B-4EDF-B8E3-FC4C2B886603"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.236",
"matchCriteriaId": "1DF46FB0-9163-4ABE-8CCA-32A497D4715B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.180",
"matchCriteriaId": "D19801C8-3D18-405D-9989-E6C9B30255FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.134",
"matchCriteriaId": "3985DEC3-0437-4177-BC42-314AB575285A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.87",
"matchCriteriaId": "EFF24260-49B1-4251-9477-C564CFDAD25B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.23",
"matchCriteriaId": "26CAB76D-F00F-43CE-BEAD-7097F8FB1D6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13",
"versionEndExcluding": "6.13.11",
"matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.14",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/0c49f12c77b77a706fd41370c11910635e491845", "url": "https://git.kernel.org/stable/c/0c49f12c77b77a706fd41370c11910635e491845",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/2542a3f70e563a9e70e7ded314286535a3321bdb", "url": "https://git.kernel.org/stable/c/2542a3f70e563a9e70e7ded314286535a3321bdb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/3155d5261b518776d1b807d9d922669991bbee56", "url": "https://git.kernel.org/stable/c/3155d5261b518776d1b807d9d922669991bbee56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/6a810c462f099353e908c70619638884cb82229c", "url": "https://git.kernel.org/stable/c/6a810c462f099353e908c70619638884cb82229c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/8e8f1ddf4186731649df8bc9646017369eb19186", "url": "https://git.kernel.org/stable/c/8e8f1ddf4186731649df8bc9646017369eb19186",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/953d28a4f459fcbde2d08f51aeca19d6b0f179f3", "url": "https://git.kernel.org/stable/c/953d28a4f459fcbde2d08f51aeca19d6b0f179f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/ac2eb7378319e3836cdf3a2c15a0bdf04c50e81d", "url": "https://git.kernel.org/stable/c/ac2eb7378319e3836cdf3a2c15a0bdf04c50e81d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/bc7b5f782d28942dbdfda70df30ce132694a06de", "url": "https://git.kernel.org/stable/c/bc7b5f782d28942dbdfda70df30ce132694a06de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/d0d21c8e44216fa9afdb3809edf213f3c0a8c060", "url": "https://git.kernel.org/stable/c/d0d21c8e44216fa9afdb3809edf213f3c0a8c060",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-23137", "id": "CVE-2025-23137",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:16:08.080", "published": "2025-04-16T15:16:08.080",
"lastModified": "2025-04-17T20:22:16.240", "lastModified": "2025-04-29T18:53:31.417",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq/amd-pstate: Agregar comprobaci\u00f3n ptr NULL faltante en amd_pstate_update Verifique si la pol\u00edtica es NULL antes de desreferenciarla en amd_pstate_update." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq/amd-pstate: Agregar comprobaci\u00f3n ptr NULL faltante en amd_pstate_update Verifique si la pol\u00edtica es NULL antes de desreferenciarla en amd_pstate_update."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.14.2",
"matchCriteriaId": "87A5D8CD-10C9-4039-BAFF-5E077E407F87"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/426db24d4db2e4f0d6720aeb7795eafcb9e82640", "url": "https://git.kernel.org/stable/c/426db24d4db2e4f0d6720aeb7795eafcb9e82640",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/b99c1c63d88c75a4dc5487c3696cda38697b8d35", "url": "https://git.kernel.org/stable/c/b99c1c63d88c75a4dc5487c3696cda38697b8d35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-3333", "id": "CVE-2025-3333",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-07T03:15:22.307", "published": "2025-04-07T03:15:22.307",
"lastModified": "2025-04-07T14:17:50.220", "lastModified": "2025-04-29T19:39:40.330",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -63,7 +63,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.4 "impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -122,24 +142,68 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:online_restaurant_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F45638F7-8DDF-4E00-A3D9-C2DE0E726C17"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/p1026/CVE/issues/47", "url": "https://github.com/p1026/CVE/issues/47",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.303547", "url": "https://vuldb.com/?ctiid.303547",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.303547", "url": "https://vuldb.com/?id.303547",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.551907", "url": "https://vuldb.com/?submit.551907",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-3334", "id": "CVE-2025-3334",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-07T04:15:26.117", "published": "2025-04-07T04:15:26.117",
"lastModified": "2025-04-07T14:17:50.220", "lastModified": "2025-04-29T19:33:04.337",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -63,7 +63,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.4 "impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -122,24 +142,68 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:online_restaurant_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F45638F7-8DDF-4E00-A3D9-C2DE0E726C17"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/p1026/CVE/issues/48", "url": "https://github.com/p1026/CVE/issues/48",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.303548", "url": "https://vuldb.com/?ctiid.303548",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.303548", "url": "https://vuldb.com/?id.303548",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.551908", "url": "https://vuldb.com/?submit.551908",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-3338", "id": "CVE-2025-3338",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-07T06:15:40.547", "published": "2025-04-07T06:15:40.547",
"lastModified": "2025-04-07T14:17:50.220", "lastModified": "2025-04-29T19:29:51.553",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -63,7 +63,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.4 "impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -122,24 +142,68 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:online_restaurant_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F45638F7-8DDF-4E00-A3D9-C2DE0E726C17"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/p1026/CVE/issues/52", "url": "https://github.com/p1026/CVE/issues/52",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.303552", "url": "https://vuldb.com/?ctiid.303552",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.303552", "url": "https://vuldb.com/?id.303552",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.551912", "url": "https://vuldb.com/?submit.551912",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-3339", "id": "CVE-2025-3339",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-07T06:15:40.823", "published": "2025-04-07T06:15:40.823",
"lastModified": "2025-04-07T14:17:50.220", "lastModified": "2025-04-29T19:29:05.240",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -63,7 +63,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.4 "impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -122,24 +142,68 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:online_restaurant_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F45638F7-8DDF-4E00-A3D9-C2DE0E726C17"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/p1026/CVE/issues/53", "url": "https://github.com/p1026/CVE/issues/53",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.303553", "url": "https://vuldb.com/?ctiid.303553",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.303553", "url": "https://vuldb.com/?id.303553",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.551913", "url": "https://vuldb.com/?submit.551913",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-3340", "id": "CVE-2025-3340",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-07T07:15:39.067", "published": "2025-04-07T07:15:39.067",
"lastModified": "2025-04-07T14:17:50.220", "lastModified": "2025-04-29T19:25:09.687",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -63,7 +63,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.4 "impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -122,24 +142,68 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:online_restaurant_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F45638F7-8DDF-4E00-A3D9-C2DE0E726C17"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/p1026/CVE/issues/55", "url": "https://github.com/p1026/CVE/issues/55",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.303554", "url": "https://vuldb.com/?ctiid.303554",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.303554", "url": "https://vuldb.com/?id.303554",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.551914", "url": "https://vuldb.com/?submit.551914",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-3729", "id": "CVE-2025-3729",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-16T21:15:48.537", "published": "2025-04-16T21:15:48.537",
"lastModified": "2025-04-17T20:21:48.243", "lastModified": "2025-04-29T19:12:13.150",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.4 "impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -122,32 +142,82 @@
"value": "CWE-78" "value": "CWE-78"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:senior-walter:web-based_pharmacy_product_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2DA030-DE10-4DA9-86D7-3E3E9A22DABC"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/yaklang/IRifyScanResult/blob/main/Web-based%20Pharmacy%20Product%20Management%20System/rce_in_backup.md", "url": "https://github.com/yaklang/IRifyScanResult/blob/main/Web-based%20Pharmacy%20Product%20Management%20System/rce_in_backup.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.305075", "url": "https://vuldb.com/?ctiid.305075",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.305075", "url": "https://vuldb.com/?id.305075",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.553631", "url": "https://vuldb.com/?submit.553631",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://www.sourcecodester.com/", "url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/yaklang/IRifyScanResult/blob/main/Web-based%20Pharmacy%20Product%20Management%20System/rce_in_backup.md", "url": "https://github.com/yaklang/IRifyScanResult/blob/main/Web-based%20Pharmacy%20Product%20Management%20System/rce_in_backup.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -0,0 +1,78 @@
{
"id": "CVE-2025-3911",
"sourceIdentifier": "security@docker.com",
"published": "2025-04-29T18:15:44.370",
"lastModified": "2025-04-29T18:15:44.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to\u00a0unintentional disclosure of sensitive information such as api keys, passwords, etc.\n\nA malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@docker.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@docker.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs",
"source": "security@docker.com"
}
]
}
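Review bot: This new CVE-2025-3911 record has no `configurations` block, so the fixed release named in the description (4.41.0) exists only as free text. CPE-based matching will not flag affected Docker Desktop installs while `vulnStatus` is `Received`. Inventory tooling that relies on this feed should match on the description or on vendor data until the record is analyzed. The description says logging stops from 4.41.0, but logs written earlier presumably still hold the recorded values. Restricting read access to those logs and rotating any credentials that were passed as environment variables is worth confirming.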


@ -2,8 +2,8 @@
"id": "CVE-2025-3928", "id": "CVE-2025-3928",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2025-04-25T16:15:27.817", "published": "2025-04-25T16:15:27.817",
"lastModified": "2025-04-29T13:52:28.490", "lastModified": "2025-04-29T19:48:41.463",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -87,10 +107,82 @@
"cisaActionDue": "2025-05-17", "cisaActionDue": "2025-05-17",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Commvault Web Server Unspecified Vulnerability", "cisaVulnerabilityName": "Commvault Web Server Unspecified Vulnerability",
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.20.0",
"versionEndExcluding": "11.20.217",
"matchCriteriaId": "A0178101-5B30-4072-B014-4562F43074D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.28.0",
"versionEndExcluding": "11.28.141",
"matchCriteriaId": "4A2914BE-4680-40C4-8AFF-F76393197D84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.32.0",
"versionEndExcluding": "11.32.89",
"matchCriteriaId": "0F02E229-C8E4-4BB1-821F-16BAB20E8CD4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.36.0",
"versionEndExcluding": "11.36.46",
"matchCriteriaId": "8DB5094F-DED6-4EAF-A06A-C6456F77C76D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html", "url": "https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html",
"source": "9119a7d8-5eab-497f-8521-727c672e3725" "source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2025-4069", "id": "CVE-2025-4069",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-29T16:15:38.350", "published": "2025-04-29T16:15:38.350",
"lastModified": "2025-04-29T16:15:38.350", "lastModified": "2025-04-29T18:15:45.100",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -59,7 +59,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
@ -107,7 +107,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -140,6 +140,10 @@
{ {
"url": "https://vuldb.com/?submit.559516", "url": "https://vuldb.com/?submit.559516",
"source": "cna@vuldb.com" "source": "cna@vuldb.com"
},
{
"url": "https://github.com/zzzxc643/cve/blob/main/PRODUCT_MANAGEMENT_SYSTEM.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2025-4070", "id": "CVE-2025-4070",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-29T16:15:38.523", "published": "2025-04-29T16:15:38.523",
"lastModified": "2025-04-29T16:15:38.523", "lastModified": "2025-04-29T18:15:45.233",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -59,7 +59,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -107,7 +107,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -140,6 +140,10 @@
{ {
"url": "https://vuldb.com/?submit.559620", "url": "https://vuldb.com/?submit.559620",
"source": "cna@vuldb.com" "source": "cna@vuldb.com"
},
{
"url": "https://github.com/Arcueicl/cve/issues/1",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2025-4071", "id": "CVE-2025-4071",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-29T16:15:38.697", "published": "2025-04-29T16:15:38.697",
"lastModified": "2025-04-29T16:15:38.697", "lastModified": "2025-04-29T18:15:45.357",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -59,7 +59,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -107,7 +107,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -140,6 +140,10 @@
{ {
"url": "https://vuldb.com/?submit.559904", "url": "https://vuldb.com/?submit.559904",
"source": "cna@vuldb.com" "source": "cna@vuldb.com"
},
{
"url": "https://github.com/2634257398/CVE-/issues/1",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2025-4072", "id": "CVE-2025-4072",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-29T17:15:41.500", "published": "2025-04-29T17:15:41.500",
"lastModified": "2025-04-29T17:15:41.500", "lastModified": "2025-04-29T19:15:53.750",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -59,7 +59,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
@ -107,7 +107,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -140,6 +140,10 @@
{ {
"url": "https://vuldb.com/?submit.559939", "url": "https://vuldb.com/?submit.559939",
"source": "cna@vuldb.com" "source": "cna@vuldb.com"
},
{
"url": "https://github.com/Iandweb/CVE/issues/1",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2025-4073", "id": "CVE-2025-4073",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-29T17:15:41.730", "published": "2025-04-29T17:15:41.730",
"lastModified": "2025-04-29T17:15:41.730", "lastModified": "2025-04-29T19:15:53.880",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -59,7 +59,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@ -107,7 +107,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -140,6 +140,10 @@
{ {
"url": "https://vuldb.com/?submit.559947", "url": "https://vuldb.com/?submit.559947",
"source": "cna@vuldb.com" "source": "cna@vuldb.com"
},
{
"url": "https://github.com/bleakTS/myCVE/issues/1",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }


@ -0,0 +1,149 @@
{
"id": "CVE-2025-4074",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-29T18:15:45.470",
"lastModified": "2025-04-29T18:15:45.470",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/pass-bwdates-report.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/bluechips-zhao/myCVE/issues/3",
"source": "cna@vuldb.com"
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306511",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306511",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.559983",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/bluechips-zhao/myCVE/issues/3",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}
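Review bot: The `cvssMetricV31` and `weaknesses` entries in this new CVE-2025-4074 record are typed `Primary` although their `source` is `cna@vuldb.com`, and this same commit changes exactly those fields from `Primary` to `Secondary` in CVE-2025-4069 through CVE-2025-4073. A consumer that picks the authoritative score or CWE by `type` alone will therefore see its chosen value change between syncs; selecting by `source` (for example preferring `nvd@nist.gov` when present) is more stable. The same applies to the new CVE-2025-4075, CVE-2025-4076, CVE-2025-4077 and CVE-2025-4079 records. The description's "critical" wording also does not match the HIGH and MEDIUM `baseSeverity` values here, so triage should read the vector rather than the prose.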


@ -0,0 +1,141 @@
{
"id": "CVE-2025-4075",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-29T18:15:45.653",
"lastModified": "2025-04-29T18:15:45.653",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in VMSMan up to 20250416. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Email with the input \"><script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.306512",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306512",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.560212",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.560212",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}
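Review bot: The `descriptions[0].value` string in this new CVE-2025-4075 record contains a literal `<script>` element copied from the CNA text, so any dashboard, ticket template or report that interpolates the description into HTML must encode it on output. Because the record is mirrored data, the handling belongs in the renderer: treat every `descriptions[].value` in this feed as untrusted text, not markup. Separately, the last two `references` entries carry the same `https://vuldb.com/?submit.560212` URL under two different `source` values, so de-duplicate by URL when counting or displaying references.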


@ -0,0 +1,145 @@
{
"id": "CVE-2025-4076",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-29T18:15:45.830",
"lastModified": "2025-04-29T18:15:45.830",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/GrayLxton/BLink_poc",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/GrayLxton/BLink_poc/blob/main/poc.py",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306513",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306513",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.560232",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,145 @@
{
"id": "CVE-2025-4077",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-29T18:15:46.003",
"lastModified": "2025-04-29T18:15:46.003",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in code-projects School Billing System 1.0. This vulnerability affects the function searchrec. The manipulation of the argument Name leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 4.3,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/zzzxc643/cve/blob/main/SCHOOL_BILLING_SYSTEM.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306514",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306514",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.560534",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,141 @@
{
"id": "CVE-2025-4079",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-29T19:15:54.130",
"lastModified": "2025-04-29T19:15:54.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PCMan FTP Server up to 2.0.7. Affected is an unknown function of the component RENAME Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://fitoxs.com/exploit/exploit-9e107d9d372bb6826bd81d3542a419d6.txt",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306516",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306516",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.560541",
"source": "cna@vuldb.com"
}
]
}


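--- a/CVE-2025/CVE-2025-40xx/CVE-2025-4095.json
+++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4095.json
@@ -0,0 +1,78 @@
+{
+"id": "CVE-2025-4095",
+"sourceIdentifier": "security@docker.com",
+"published": "2025-04-29T18:15:46.180",
+"lastModified": "2025-04-29T18:15:46.180",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry."
+}
+],
+"metrics": {
+"cvssMetricV40": [
+{
+"source": "security@docker.com",
+"type": "Secondary",
+"cvssData": {
+"version": "4.0",
+"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"attackRequirements": "PRESENT",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"vulnConfidentialityImpact": "NONE",
+"vulnIntegrityImpact": "NONE",
+"vulnAvailabilityImpact": "NONE",
+"subConfidentialityImpact": "NONE",
+"subIntegrityImpact": "HIGH",
+"subAvailabilityImpact": "NONE",
+"exploitMaturity": "NOT_DEFINED",
+"confidentialityRequirement": "NOT_DEFINED",
+"integrityRequirement": "NOT_DEFINED",
+"availabilityRequirement": "NOT_DEFINED",
+"modifiedAttackVector": "NOT_DEFINED",
+"modifiedAttackComplexity": "NOT_DEFINED",
+"modifiedAttackRequirements": "NOT_DEFINED",
+"modifiedPrivilegesRequired": "NOT_DEFINED",
+"modifiedUserInteraction": "NOT_DEFINED",
+"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+"modifiedVulnIntegrityImpact": "NOT_DEFINED",
+"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+"modifiedSubConfidentialityImpact": "NOT_DEFINED",
+"modifiedSubIntegrityImpact": "NOT_DEFINED",
+"modifiedSubAvailabilityImpact": "NOT_DEFINED",
+"Safety": "NOT_DEFINED",
+"Automatable": "NOT_DEFINED",
+"Recovery": "NOT_DEFINED",
+"valueDensity": "NOT_DEFINED",
+"vulnerabilityResponseEffort": "NOT_DEFINED",
+"providerUrgency": "NOT_DEFINED"
+}
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@docker.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-862"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://docs.docker.com/security/for-admins/hardened-desktop/registry-access-management",
+"source": "security@docker.com"
+}
+]
+}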
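Review bot: This record carries no `configurations` block and its description names no affected or fixed Docker Desktop version, so version matching against the feed cannot flag exposed hosts while `vulnStatus` is `Received`. The only score is the CNA's `Secondary` CVSS 4.0 entry (`baseScore` 4.3), which places the whole impact in `subIntegrityImpact`: `HIGH`. Until the record is enriched, exposure is better checked directly: macOS hosts where a configuration profile enforces organization sign-in, verified against the Registry Access Management page listed under `references`.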


@ -2,8 +2,8 @@
"id": "CVE-2025-42599", "id": "CVE-2025-42599",
"sourceIdentifier": "vultures@jpcert.or.jp", "sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-04-18T04:15:30.557", "published": "2025-04-18T04:15:30.557",
"lastModified": "2025-04-29T01:00:02.093", "lastModified": "2025-04-29T19:46:44.310",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "vultures@jpcert.or.jp", "source": "vultures@jpcert.or.jp",
@ -55,14 +77,38 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qualitia:active\\!_mail:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.60.05008562",
"matchCriteriaId": "FEDBA20F-0447-4160-A33C-9AA85CE37B59"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://jvn.jp/en/jp/JVN22348866/", "url": "https://jvn.jp/en/jp/JVN22348866/",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.qualitia.com/jp/news/2025/04/18_1030.html", "url": "https://www.qualitia.com/jp/news/2025/04/18_1030.html",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-46239", "id": "CVE-2025-46239",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-22T10:15:17.570", "published": "2025-04-22T10:15:17.570",
"lastModified": "2025-04-23T14:08:13.383", "lastModified": "2025-04-29T18:54:46.143",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 2.3,
"impactScore": 3.7 "impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
@ -51,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plugin-planet:theme_switcha:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.4.1",
"matchCriteriaId": "2E1F674E-ADB4-4847-8B1E-10B66EE29A3C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/wordpress/plugin/theme-switcha/vulnerability/wordpress-theme-switcha-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/wordpress/plugin/theme-switcha/vulnerability/wordpress-theme-switcha-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }
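Review bot: `cvssMetricV31` now holds two entries, and the NVD `Primary` assessment is appended after the existing one, so a consumer that reads the first array element keeps reporting the earlier score. Selection should go by `type` and `source` (`nvd@nist.gov` for the added entry), not by position; the existing entry is presumably the CNA's, but its `source` lies outside the hunk. The two assessments can differ widely: in the CVE-2025-46244 section of this commit the existing entry has `impactScore` 1.4 while the added NVD entry is `CRITICAL` at 9.8 with `impactScore` 5.9. The same applies to the sections for CVE-2025-46240 through CVE-2025-46247.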


@ -2,8 +2,8 @@
"id": "CVE-2025-46240", "id": "CVE-2025-46240",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-22T10:15:17.750", "published": "2025-04-22T10:15:17.750",
"lastModified": "2025-04-23T14:08:13.383", "lastModified": "2025-04-29T18:52:17.683",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 2.3,
"impactScore": 3.7 "impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
@ -51,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plugin-planet:simple_download_counter:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.1",
"matchCriteriaId": "A70D1B89-B9AA-431E-B970-69EBE7376CEF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/wordpress/plugin/simple-download-counter/vulnerability/wordpress-simple-download-counter-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/wordpress/plugin/simple-download-counter/vulnerability/wordpress-simple-download-counter-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-46241", "id": "CVE-2025-46241",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-22T10:15:17.960", "published": "2025-04-22T10:15:17.960",
"lastModified": "2025-04-23T14:08:13.383", "lastModified": "2025-04-29T18:48:56.777",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 4.7 "impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -51,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codepeople:appointment_booking_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.93",
"matchCriteriaId": "B434B492-CAB9-4E4B-9A92-A3B833A1B092"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/wordpress/plugin/appointment-booking-calendar/vulnerability/wordpress-appointment-booking-calendar-plugin-1-3-92-csrf-to-sql-injection-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/wordpress/plugin/appointment-booking-calendar/vulnerability/wordpress-appointment-booking-calendar-plugin-1-3-92-csrf-to-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-46242", "id": "CVE-2025-46242",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-22T10:15:18.210", "published": "2025-04-22T10:15:18.210",
"lastModified": "2025-04-23T14:08:13.383", "lastModified": "2025-04-29T18:48:18.903",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 2.3,
"impactScore": 4.7 "impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
} }
] ]
}, },
@ -51,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kibokolabs:watu_quiz:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.4.4",
"matchCriteriaId": "CBE2340E-D513-431D-8474-C45D156D91BE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/wordpress/plugin/watu/vulnerability/wordpress-watu-quiz-3-4-3-sql-injection-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/wordpress/plugin/watu/vulnerability/wordpress-watu-quiz-3-4-3-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-46243", "id": "CVE-2025-46243",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-22T10:15:18.390", "published": "2025-04-22T10:15:18.390",
"lastModified": "2025-04-23T14:08:13.383", "lastModified": "2025-04-29T18:45:08.813",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -51,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sktthemes:recover_abandoned_cart_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.3",
"matchCriteriaId": "6AC7BD2C-1F0E-4653-A19F-0C4B8ACD1AFF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/wordpress/plugin/recover-wc-abandoned-cart/vulnerability/wordpress-recover-abandoned-cart-for-woocommerce-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/wordpress/plugin/recover-wc-abandoned-cart/vulnerability/wordpress-recover-abandoned-cart-for-woocommerce-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-46244", "id": "CVE-2025-46244",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-22T10:15:18.560", "published": "2025-04-22T10:15:18.560",
"lastModified": "2025-04-23T14:08:13.383", "lastModified": "2025-04-29T18:37:46.840",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -51,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:multidots:advanced_linked_variations_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.4",
"matchCriteriaId": "20567D48-7EB3-499B-9CC0-200F8B93433F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/wordpress/plugin/linked-variation/vulnerability/wordpress-advanced-linked-variations-for-woocommerce-1-0-3-broken-access-control-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/wordpress/plugin/linked-variation/vulnerability/wordpress-advanced-linked-variations-for-woocommerce-1-0-3-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-46245", "id": "CVE-2025-46245",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-22T10:15:18.750", "published": "2025-04-22T10:15:18.750",
"lastModified": "2025-04-23T14:08:13.383", "lastModified": "2025-04-29T18:27:40.830",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -51,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cminds:cm_ad_changer:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.6",
"matchCriteriaId": "86DC8008-7C87-4C0B-891C-CBE527BFAC1B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/wordpress/plugin/cm-ad-changer/vulnerability/wordpress-cm-ad-changer-2-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/wordpress/plugin/cm-ad-changer/vulnerability/wordpress-cm-ad-changer-2-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-46246", "id": "CVE-2025-46246",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-22T10:15:18.953", "published": "2025-04-22T10:15:18.953",
"lastModified": "2025-04-23T14:08:13.383", "lastModified": "2025-04-29T18:22:45.507",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -51,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cminds:cm_answers:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.3.4",
"matchCriteriaId": "78FCDEA9-9AA0-4A37-A445-F1A198F5EA89"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/wordpress/plugin/cm-answers/vulnerability/wordpress-cm-answers-3-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/wordpress/plugin/cm-answers/vulnerability/wordpress-cm-answers-3-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2025-46247", "id": "CVE-2025-46247",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-22T10:15:19.137", "published": "2025-04-22T10:15:19.137",
"lastModified": "2025-04-23T14:08:13.383", "lastModified": "2025-04-29T18:17:58.223",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -51,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codepeople:appointment_booking_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.93",
"matchCriteriaId": "B434B492-CAB9-4E4B-9A92-A3B833A1B092"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/wordpress/plugin/appointment-booking-calendar/vulnerability/wordpress-appointment-booking-calendar-1-3-92-broken-access-control-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/wordpress/plugin/appointment-booking-calendar/vulnerability/wordpress-appointment-booking-calendar-1-3-92-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2025-46346", "id": "CVE-2025-46346",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-29T16:15:36.873", "published": "2025-04-29T16:15:36.873",
"lastModified": "2025-04-29T16:15:36.873", "lastModified": "2025-04-29T18:15:44.570",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -60,7 +60,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -77,6 +77,10 @@
{ {
"url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-59x8-cvxh-3mm4", "url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-59x8-cvxh-3mm4",
"source": "security-advisories@github.com" "source": "security-advisories@github.com"
},
{
"url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-59x8-cvxh-3mm4",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }


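--- a/CVE-2025/CVE-2025-463xx/CVE-2025-46347.json
+++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46347.json
@@ -0,0 +1,86 @@
+{
+"id": "CVE-2025-46347",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2025-04-29T18:15:44.670",
+"lastModified": "2025-04-29T19:15:53.650",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of the server. This could potentially be performed unwittingly by a user. This issue has been patched in version 4.5.4."
+}
+],
+"metrics": {
+"cvssMetricV40": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "4.0",
+"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+"baseScore": 5.8,
+"baseSeverity": "MEDIUM",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"attackRequirements": "NONE",
+"privilegesRequired": "NONE",
+"userInteraction": "PASSIVE",
+"vulnConfidentialityImpact": "NONE",
+"vulnIntegrityImpact": "NONE",
+"vulnAvailabilityImpact": "NONE",
+"subConfidentialityImpact": "HIGH",
+"subIntegrityImpact": "HIGH",
+"subAvailabilityImpact": "HIGH",
+"exploitMaturity": "PROOF_OF_CONCEPT",
+"confidentialityRequirement": "NOT_DEFINED",
+"integrityRequirement": "NOT_DEFINED",
+"availabilityRequirement": "NOT_DEFINED",
+"modifiedAttackVector": "NOT_DEFINED",
+"modifiedAttackComplexity": "NOT_DEFINED",
+"modifiedAttackRequirements": "NOT_DEFINED",
+"modifiedPrivilegesRequired": "NOT_DEFINED",
+"modifiedUserInteraction": "NOT_DEFINED",
+"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+"modifiedVulnIntegrityImpact": "NOT_DEFINED",
+"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+"modifiedSubConfidentialityImpact": "NOT_DEFINED",
+"modifiedSubIntegrityImpact": "NOT_DEFINED",
+"modifiedSubAvailabilityImpact": "NOT_DEFINED",
+"Safety": "NOT_DEFINED",
+"Automatable": "NOT_DEFINED",
+"Recovery": "NOT_DEFINED",
+"valueDensity": "NOT_DEFINED",
+"vulnerabilityResponseEffort": "NOT_DEFINED",
+"providerUrgency": "NOT_DEFINED"
+}
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-116"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/YesWiki/yeswiki/commit/8fe5275a78dc7e0f9c242baa3cbac6b5ac1cc066",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-88xg-v53p-fpvf",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-88xg-v53p-fpvf",
+"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+}
+]
+}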
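Review bot: The `baseSeverity` of `MEDIUM` (5.8) sits poorly with a description that ends in "a full compromise of the server": the vector sets `VC:N/VI:N/VA:N` and puts all impact in the subsequent-system metrics `SC:H/SI:H/SA:H`. Triage that filters on `baseSeverity` or a score threshold would rank this record below what the text describes, so until an NVD `Primary` assessment appears it is better prioritised from the description and the fixed version 4.5.4. The description also reads "YesWiki vulnerable to remote code execution"; the upstream wording should be `YesWiki is vulnerable to remote code execution`. The third reference repeats the advisory URL under a second `source`, so consumers should de-duplicate references by `url`.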


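--- a/CVE-2025/CVE-2025-463xx/CVE-2025-46349.json
+++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46349.json
@@ -0,0 +1,64 @@
+{
+"id": "CVE-2025-46349",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2025-04-29T18:15:44.803",
+"lastModified": "2025-04-29T18:15:44.803",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been patched in version 4.5.4."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
+"baseScore": 7.6,
+"baseSeverity": "HIGH",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "HIGH",
+"availabilityImpact": "LOW"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 4.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/YesWiki/yeswiki/pull/1264/commits/6edde40eb7eeb5d60619ac4d1e0a0422d92e9524",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-2f8p-qqx2-gwr2",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-2f8p-qqx2-gwr2",
+"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+}
+]
+}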


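--- a/CVE-2025/CVE-2025-463xx/CVE-2025-46350.json
+++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46350.json
@@ -0,0 +1,64 @@
+{
+"id": "CVE-2025-46350",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2025-04-29T18:15:44.950",
+"lastModified": "2025-04-29T18:15:44.950",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
+"baseScore": 3.5,
+"baseSeverity": "LOW",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE"
+},
+"exploitabilityScore": 0.9,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/YesWiki/yeswiki/commit/e2603176a4607b83659635a0c517550d4a171cb9",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-cg4f-cq8h-3ch8",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-cg4f-cq8h-3ch8",
+"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+}
+]
+}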
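Review bot: `privilegesRequired` is `HIGH` in this record, although the description only has the attacker supply a malicious link that an authenticated user clicks, and the sibling reflected-XSS record CVE-2025-46349 in this commit is scored `PR:N`. Presumably the CNA scored the privilege level of the targeted page rather than of the attacker; the record does not say. The resulting `LOW` (3.5) rating understates what the text describes, which is cookie theft and session takeover, so prioritisation is safer taken from the description. Upgrading to 4.5.4 is the stated fix.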


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2025-04-29T18:00:20.250098+00:00 2025-04-29T20:00:20.035203+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2025-04-29T17:57:02.620000+00:00 2025-04-29T19:49:59.680000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,67 +33,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
291717 291727
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `23` Recently added CVEs: `10`
- [CVE-2025-0716](CVE-2025/CVE-2025-07xx/CVE-2025-0716.json) (`2025-04-29T17:15:39.790`) - [CVE-2025-3911](CVE-2025/CVE-2025-39xx/CVE-2025-3911.json) (`2025-04-29T18:15:44.370`)
- [CVE-2025-1551](CVE-2025/CVE-2025-15xx/CVE-2025-1551.json) (`2025-04-29T16:15:29.870`) - [CVE-2025-4074](CVE-2025/CVE-2025-40xx/CVE-2025-4074.json) (`2025-04-29T18:15:45.470`)
- [CVE-2025-23177](CVE-2025/CVE-2025-231xx/CVE-2025-23177.json) (`2025-04-29T16:15:30.017`) - [CVE-2025-4075](CVE-2025/CVE-2025-40xx/CVE-2025-4075.json) (`2025-04-29T18:15:45.653`)
- [CVE-2025-23178](CVE-2025/CVE-2025-231xx/CVE-2025-23178.json) (`2025-04-29T16:15:30.157`) - [CVE-2025-4076](CVE-2025/CVE-2025-40xx/CVE-2025-4076.json) (`2025-04-29T18:15:45.830`)
- [CVE-2025-23179](CVE-2025/CVE-2025-231xx/CVE-2025-23179.json) (`2025-04-29T16:15:30.297`) - [CVE-2025-4077](CVE-2025/CVE-2025-40xx/CVE-2025-4077.json) (`2025-04-29T18:15:46.003`)
- [CVE-2025-23180](CVE-2025/CVE-2025-231xx/CVE-2025-23180.json) (`2025-04-29T17:15:40.687`) - [CVE-2025-4079](CVE-2025/CVE-2025-40xx/CVE-2025-4079.json) (`2025-04-29T19:15:54.130`)
- [CVE-2025-23181](CVE-2025/CVE-2025-231xx/CVE-2025-23181.json) (`2025-04-29T17:15:40.907`) - [CVE-2025-4095](CVE-2025/CVE-2025-40xx/CVE-2025-4095.json) (`2025-04-29T18:15:46.180`)
- [CVE-2025-25403](CVE-2025/CVE-2025-254xx/CVE-2025-25403.json) (`2025-04-29T16:15:30.437`) - [CVE-2025-46347](CVE-2025/CVE-2025-463xx/CVE-2025-46347.json) (`2025-04-29T18:15:44.670`)
- [CVE-2025-25962](CVE-2025/CVE-2025-259xx/CVE-2025-25962.json) (`2025-04-29T16:15:30.580`) - [CVE-2025-46349](CVE-2025/CVE-2025-463xx/CVE-2025-46349.json) (`2025-04-29T18:15:44.803`)
- [CVE-2025-32354](CVE-2025/CVE-2025-323xx/CVE-2025-32354.json) (`2025-04-29T16:15:34.770`) - [CVE-2025-46350](CVE-2025/CVE-2025-463xx/CVE-2025-46350.json) (`2025-04-29T18:15:44.950`)
- [CVE-2025-40615](CVE-2025/CVE-2025-406xx/CVE-2025-40615.json) (`2025-04-29T16:15:36.160`)
- [CVE-2025-40616](CVE-2025/CVE-2025-406xx/CVE-2025-40616.json) (`2025-04-29T16:15:36.310`)
- [CVE-2025-40617](CVE-2025/CVE-2025-406xx/CVE-2025-40617.json) (`2025-04-29T16:15:36.450`)
- [CVE-2025-40618](CVE-2025/CVE-2025-406xx/CVE-2025-40618.json) (`2025-04-29T16:15:36.580`)
- [CVE-2025-40619](CVE-2025/CVE-2025-406xx/CVE-2025-40619.json) (`2025-04-29T16:15:36.727`)
- [CVE-2025-4068](CVE-2025/CVE-2025-40xx/CVE-2025-4068.json) (`2025-04-29T16:15:38.163`)
- [CVE-2025-4069](CVE-2025/CVE-2025-40xx/CVE-2025-4069.json) (`2025-04-29T16:15:38.350`)
- [CVE-2025-4070](CVE-2025/CVE-2025-40xx/CVE-2025-4070.json) (`2025-04-29T16:15:38.523`)
- [CVE-2025-4071](CVE-2025/CVE-2025-40xx/CVE-2025-4071.json) (`2025-04-29T16:15:38.697`)
- [CVE-2025-4072](CVE-2025/CVE-2025-40xx/CVE-2025-4072.json) (`2025-04-29T17:15:41.500`)
- [CVE-2025-4073](CVE-2025/CVE-2025-40xx/CVE-2025-4073.json) (`2025-04-29T17:15:41.730`)
- [CVE-2025-45956](CVE-2025/CVE-2025-459xx/CVE-2025-45956.json) (`2025-04-29T17:15:41.317`)
- [CVE-2025-46346](CVE-2025/CVE-2025-463xx/CVE-2025-46346.json) (`2025-04-29T16:15:36.873`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `131` Recently modified CVEs: `69`
- [CVE-2025-31697](CVE-2025/CVE-2025-316xx/CVE-2025-31697.json) (`2025-04-29T16:15:34.633`) - [CVE-2025-23136](CVE-2025/CVE-2025-231xx/CVE-2025-23136.json) (`2025-04-29T18:53:02.607`)
- [CVE-2025-32979](CVE-2025/CVE-2025-329xx/CVE-2025-32979.json) (`2025-04-29T16:15:34.913`) - [CVE-2025-23137](CVE-2025/CVE-2025-231xx/CVE-2025-23137.json) (`2025-04-29T18:53:31.417`)
- [CVE-2025-32980](CVE-2025/CVE-2025-329xx/CVE-2025-32980.json) (`2025-04-29T16:15:35.103`) - [CVE-2025-3333](CVE-2025/CVE-2025-33xx/CVE-2025-3333.json) (`2025-04-29T19:39:40.330`)
- [CVE-2025-32981](CVE-2025/CVE-2025-329xx/CVE-2025-32981.json) (`2025-04-29T16:15:35.280`) - [CVE-2025-3334](CVE-2025/CVE-2025-33xx/CVE-2025-3334.json) (`2025-04-29T19:33:04.337`)
- [CVE-2025-32982](CVE-2025/CVE-2025-329xx/CVE-2025-32982.json) (`2025-04-29T16:15:35.457`) - [CVE-2025-3338](CVE-2025/CVE-2025-33xx/CVE-2025-3338.json) (`2025-04-29T19:29:51.553`)
- [CVE-2025-32985](CVE-2025/CVE-2025-329xx/CVE-2025-32985.json) (`2025-04-29T16:15:35.643`) - [CVE-2025-3339](CVE-2025/CVE-2025-33xx/CVE-2025-3339.json) (`2025-04-29T19:29:05.240`)
- [CVE-2025-32986](CVE-2025/CVE-2025-329xx/CVE-2025-32986.json) (`2025-04-29T16:15:35.820`) - [CVE-2025-3340](CVE-2025/CVE-2025-33xx/CVE-2025-3340.json) (`2025-04-29T19:25:09.687`)
- [CVE-2025-37785](CVE-2025/CVE-2025-377xx/CVE-2025-37785.json) (`2025-04-29T16:56:25.337`) - [CVE-2025-3729](CVE-2025/CVE-2025-37xx/CVE-2025-3729.json) (`2025-04-29T19:12:13.150`)
- [CVE-2025-37860](CVE-2025/CVE-2025-378xx/CVE-2025-37860.json) (`2025-04-29T16:55:17.163`) - [CVE-2025-3928](CVE-2025/CVE-2025-39xx/CVE-2025-3928.json) (`2025-04-29T19:48:41.463`)
- [CVE-2025-37893](CVE-2025/CVE-2025-378xx/CVE-2025-37893.json) (`2025-04-29T16:54:26.433`) - [CVE-2025-4069](CVE-2025/CVE-2025-40xx/CVE-2025-4069.json) (`2025-04-29T18:15:45.100`)
- [CVE-2025-37925](CVE-2025/CVE-2025-379xx/CVE-2025-37925.json) (`2025-04-29T16:44:08.020`) - [CVE-2025-4070](CVE-2025/CVE-2025-40xx/CVE-2025-4070.json) (`2025-04-29T18:15:45.233`)
- [CVE-2025-4086](CVE-2025/CVE-2025-40xx/CVE-2025-4086.json) (`2025-04-29T16:15:38.873`) - [CVE-2025-4071](CVE-2025/CVE-2025-40xx/CVE-2025-4071.json) (`2025-04-29T18:15:45.357`)
- [CVE-2025-4087](CVE-2025/CVE-2025-40xx/CVE-2025-4087.json) (`2025-04-29T16:15:39.017`) - [CVE-2025-4072](CVE-2025/CVE-2025-40xx/CVE-2025-4072.json) (`2025-04-29T19:15:53.750`)
- [CVE-2025-4088](CVE-2025/CVE-2025-40xx/CVE-2025-4088.json) (`2025-04-29T16:15:39.153`) - [CVE-2025-4073](CVE-2025/CVE-2025-40xx/CVE-2025-4073.json) (`2025-04-29T19:15:53.880`)
- [CVE-2025-4089](CVE-2025/CVE-2025-40xx/CVE-2025-4089.json) (`2025-04-29T16:15:39.297`) - [CVE-2025-42599](CVE-2025/CVE-2025-425xx/CVE-2025-42599.json) (`2025-04-29T19:46:44.310`)
- [CVE-2025-4090](CVE-2025/CVE-2025-40xx/CVE-2025-4090.json) (`2025-04-29T16:15:39.440`) - [CVE-2025-46239](CVE-2025/CVE-2025-462xx/CVE-2025-46239.json) (`2025-04-29T18:54:46.143`)
- [CVE-2025-4091](CVE-2025/CVE-2025-40xx/CVE-2025-4091.json) (`2025-04-29T16:15:39.570`) - [CVE-2025-46240](CVE-2025/CVE-2025-462xx/CVE-2025-46240.json) (`2025-04-29T18:52:17.683`)
- [CVE-2025-4092](CVE-2025/CVE-2025-40xx/CVE-2025-4092.json) (`2025-04-29T16:15:39.707`) - [CVE-2025-46241](CVE-2025/CVE-2025-462xx/CVE-2025-46241.json) (`2025-04-29T18:48:56.777`)
- [CVE-2025-4093](CVE-2025/CVE-2025-40xx/CVE-2025-4093.json) (`2025-04-29T16:15:39.850`) - [CVE-2025-46242](CVE-2025/CVE-2025-462xx/CVE-2025-46242.json) (`2025-04-29T18:48:18.903`)
- [CVE-2025-46653](CVE-2025/CVE-2025-466xx/CVE-2025-46653.json) (`2025-04-29T16:15:37.150`) - [CVE-2025-46243](CVE-2025/CVE-2025-462xx/CVE-2025-46243.json) (`2025-04-29T18:45:08.813`)
- [CVE-2025-46654](CVE-2025/CVE-2025-466xx/CVE-2025-46654.json) (`2025-04-29T16:15:37.300`) - [CVE-2025-46244](CVE-2025/CVE-2025-462xx/CVE-2025-46244.json) (`2025-04-29T18:37:46.840`)
- [CVE-2025-46655](CVE-2025/CVE-2025-466xx/CVE-2025-46655.json) (`2025-04-29T16:15:37.440`) - [CVE-2025-46245](CVE-2025/CVE-2025-462xx/CVE-2025-46245.json) (`2025-04-29T18:27:40.830`)
- [CVE-2025-46656](CVE-2025/CVE-2025-466xx/CVE-2025-46656.json) (`2025-04-29T16:15:37.573`) - [CVE-2025-46246](CVE-2025/CVE-2025-462xx/CVE-2025-46246.json) (`2025-04-29T18:22:45.507`)
- [CVE-2025-46672](CVE-2025/CVE-2025-466xx/CVE-2025-46672.json) (`2025-04-29T16:15:37.747`) - [CVE-2025-46247](CVE-2025/CVE-2025-462xx/CVE-2025-46247.json) (`2025-04-29T18:17:58.223`)
- [CVE-2025-46673](CVE-2025/CVE-2025-466xx/CVE-2025-46673.json) (`2025-04-29T16:15:37.900`) - [CVE-2025-46346](CVE-2025/CVE-2025-463xx/CVE-2025-46346.json) (`2025-04-29T18:15:44.570`)
## Download and Usage ## Download and Usage
