diff --git a/CVE-2025/CVE-2025-210xx/CVE-2025-21085.json b/CVE-2025/CVE-2025-210xx/CVE-2025-21085.json new file mode 100644 index 00000000000..fc59ee8250a --- /dev/null +++ b/CVE-2025/CVE-2025-210xx/CVE-2025-21085.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-21085", + "sourceIdentifier": "responsible-disclosure@pingidentity.com", + "published": "2025-06-15T15:15:18.330", + "lastModified": "2025-06-15T15:15:18.330", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:A/V:X/RE:L/U:Amber", + "baseScore": 2.1, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "PRESENT", + "Automatable": "YES", + "Recovery": "AUTOMATIC", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "LOW", + "providerUrgency": "AMBER" + } + } + ] + }, + "weaknesses": [ + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-462" + } + ] + } + ], + "references": [ + { + "url": "https://support.pingidentity.com/s/article/PingFederate-grant-attribute-duplication-with-PostgreSQL", + "source": "responsible-disclosure@pingidentity.com" + }, + { + "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html", + "source": "responsible-disclosure@pingidentity.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-228xx/CVE-2025-22854.json b/CVE-2025/CVE-2025-228xx/CVE-2025-22854.json new file mode 100644 index 00000000000..0ab6b08e394 --- /dev/null +++ b/CVE-2025/CVE-2025-228xx/CVE-2025-22854.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-22854", + "sourceIdentifier": "responsible-disclosure@pingidentity.com", + "published": "2025-06-15T15:15:19.150", + "lastModified": "2025-06-15T15:15:19.150", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper handling of non-200 http responses in\u00a0the PingFederate Google Adapter\u00a0leads to thread exhaustion under normal usage conditions." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:A/V:X/RE:M/U:Red", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "PRESENT", + "Automatable": "YES", + "Recovery": "AUTOMATIC", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "MODERATE", + "providerUrgency": "RED" + } + } + ] + }, + "weaknesses": [ + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-394" + } + ] + } + ], + "references": [ + { + "url": "https://docs.pingidentity.com/integrations/google/google_login_integration_kit/pf_google_cic_changelog.html", + "source": "responsible-disclosure@pingidentity.com" + }, + { + "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html", + "source": "responsible-disclosure@pingidentity.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6090.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6090.json new file mode 100644 index 00000000000..81ba9d69b6e --- /dev/null +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6090.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-6090", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-15T15:15:19.303", + "lastModified": "2025-06-15T15:15:19.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in H3C GR-5400AX V100R009L50 and classified as critical. This issue affects the function UpdateWanparamsMulti/UpdateIpv6params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue. Because they assess the risk as low, they do not have immediate plans for remediation." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/CH13hh/cve/blob/main/new/5.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.312557", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.312557", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.587999", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e04358ce506..a1d6e6e196e 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-15T14:00:19.413860+00:00 +2025-06-15T16:00:19.386594+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-15T13:15:33.353000+00:00 +2025-06-15T15:15:19.303000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -297957 +297960 ``` ### CVEs added in the last Commit Recently added CVEs: `3` -- [CVE-2025-1411](CVE-2025/CVE-2025-14xx/CVE-2025-1411.json) (`2025-06-15T13:15:32.027`) -- [CVE-2025-36041](CVE-2025/CVE-2025-360xx/CVE-2025-36041.json) (`2025-06-15T13:15:33.177`) -- [CVE-2025-6089](CVE-2025/CVE-2025-60xx/CVE-2025-6089.json) (`2025-06-15T13:15:33.353`) +- [CVE-2025-21085](CVE-2025/CVE-2025-210xx/CVE-2025-21085.json) (`2025-06-15T15:15:18.330`) +- [CVE-2025-22854](CVE-2025/CVE-2025-228xx/CVE-2025-22854.json) (`2025-06-15T15:15:19.150`) +- [CVE-2025-6090](CVE-2025/CVE-2025-60xx/CVE-2025-6090.json) (`2025-06-15T15:15:19.303`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index abacb7c85af..30265c7746d 100644 --- a/_state.csv +++ b/_state.csv @@ -283535,7 +283535,7 @@ CVE-2025-1406,0,0,6fbc92715581c083383884df65716e311e7920e9986e87816bf21c4af15408 CVE-2025-1407,0,0,81ebc501504f4e0e97111e960151a7a649f1ecbd9d904ea14ecfe9745b475037,2025-02-25T03:37:32.347000 CVE-2025-1408,0,0,7744109164007b678e01b84bc920895643f4329552f36dd13088e27d1c95f709,2025-03-27T00:38:34.650000 CVE-2025-1410,0,0,1acd34ee1bf4de50c7bb7990bb2833820ce8a935ac6fe3383da13c0fe4fe3da0,2025-02-25T03:35:42.633000 -CVE-2025-1411,1,1,64e5408b31c2dc26f5b62c5a36bb59c50bc32e86d443491540978b2d2d022807,2025-06-15T13:15:32.027000 +CVE-2025-1411,0,0,64e5408b31c2dc26f5b62c5a36bb59c50bc32e86d443491540978b2d2d022807,2025-06-15T13:15:32.027000 CVE-2025-1412,0,0,15006068dde5667dc534d1c6a1b910fc18a441695fc7fe8438811af885c4587d,2025-02-24T08:15:09.890000 CVE-2025-1413,0,0,5c3f38d9cc7b7010909c2af97131be7654555b0227082bf07ca01df8093ffd5a,2025-03-26T16:15:20.833000 CVE-2025-1414,0,0,3a97550374709a951d5410aaca1ecbf1ee05e0ec13bcab848c3fdf8c74845735,2025-03-28T19:05:18.850000 @@ -284490,6 +284490,7 @@ CVE-2025-21081,0,0,2001a89bc61e9590c36304579e4e9d48d5980697f9b552f01b260ec73e2e5 CVE-2025-21082,0,0,46ac35d658d44baf54d1ac8a8f790de5d79d2ee8dc02f7947502a40cb1fc420e,2025-06-09T19:07:20.283000 CVE-2025-21083,0,0,b1f881e778d473a44d11cfcbd38b4988ccf3c0bae1e47d54950fb32a165015e0,2025-01-15T17:15:19.393000 CVE-2025-21084,0,0,af34ba3562290d89d6e1fadbcb1efbf04888823c3570480deec642a909378dd0,2025-03-04T17:42:20.943000 +CVE-2025-21085,1,1,772ebdef43100f9d01acb11126f9ce7aa2f47608a00a014fc26a64b09e90154e,2025-06-15T15:15:18.330000 CVE-2025-21087,0,0,28561df062c57bddb73cb1503a50933afccce81ed6c2872e01fa7d13e8dbf5f5,2025-02-05T18:15:30.430000 CVE-2025-21088,0,0,2fc6ecd1dae8270574ff01139ed8a42b63c05aa457c258a8d76906ce3a93ca54,2025-01-15T16:15:32.413000 CVE-2025-21089,0,0,376a98b84b381726ba88c6087957cb55f869f110cd69de435e1dd837da0605d8,2025-03-06T18:07:19.917000 @@ -286164,6 +286165,7 @@ CVE-2025-22847,0,0,0de483179c1066e1dcd28554acee3e5fb1b273a7c68d4f167ad861a991a59 CVE-2025-22848,0,0,9b515c9e26461ad766d4f4acf9e3a2e59ff846ba8d2c4573dfec0aff13837cad,2025-05-16T14:43:56.797000 CVE-2025-2285,0,0,98fc658609c4f69aaee78398e9e81043e36556f176ddcb77fdb67c9af81d073b,2025-04-08T18:13:53.347000 CVE-2025-22851,0,0,f2a6332c8e5e9b9a1e6161891c357461c7bb64ff86725b50b37556c69f8a4a26,2025-04-07T14:17:50.220000 +CVE-2025-22854,1,1,913ca7fc59825bdbeb39e9e2c64564488322a796af22fabc508312a2cffa260b,2025-06-15T15:15:19.150000 CVE-2025-22855,0,0,0ea644d507eefb1364e7f8ce7a6f7b59da91a785412c2309fc15d80da09b4a79,2025-04-08T18:13:53.347000 CVE-2025-22859,0,0,650d68c9ac8ef101db4b23d698782c4b6cdbb3a3c81745480f8df2db23b95791,2025-05-13T19:35:18.080000 CVE-2025-2286,0,0,a29011b43d479279660c1eaaab71fd21b21b30735d3755825b9279066e08e188,2025-04-08T18:13:53.347000 @@ -293432,7 +293434,7 @@ CVE-2025-35996,0,0,a68f8bf3039aca0fabffa5365ae47dde1016d171f7f66e0132baceb8c4b86 CVE-2025-3600,0,0,39687de6700cb24ab4e4b1a2e787339a193916dd4e6bd5edd6e893f0c5922e67,2025-05-16T14:43:56.797000 CVE-2025-3603,0,0,8fc219493265409dea0354ed582a157fa1e4783601045e446f4ea74d7c8f20d5,2025-04-29T13:52:47.470000 CVE-2025-3604,0,0,07d89cc421108391d0d00a1dbe62611cc85596ef2f0a6ad665200edb2fc067bb,2025-04-29T13:52:47.470000 -CVE-2025-36041,1,1,4b8233fc26a8fc5bc616826fc46bf80a37f2f77e29ca0685795e27907e6fbd84,2025-06-15T13:15:33.177000 +CVE-2025-36041,0,0,4b8233fc26a8fc5bc616826fc46bf80a37f2f77e29ca0685795e27907e6fbd84,2025-06-15T13:15:33.177000 CVE-2025-3605,0,0,9176bdbc7dac7692b3792270d47f63d72180fcbe4f8435ffab86ce86c23fcbca,2025-05-12T17:32:32.760000 CVE-2025-3606,0,0,9e462a995d1e7019ecb96791362c7ba0b1305419ebea53ce8f14b67c14ed347e,2025-04-29T13:52:28.490000 CVE-2025-3607,0,0,00a61937e6c72150e849325aa06a18ed35736c13546aa89382694e35fbdc7236,2025-04-29T13:52:47.470000 @@ -297955,4 +297957,5 @@ CVE-2025-6064,0,0,f1b42f8abbe1dc42385b1b319a813fce6feba5bf2333128ae8bf40e0d2cea4 CVE-2025-6065,0,0,5e976b8fac171cc7b59ad041eb4f60fb6d8881197db355ec035f6d3d2b656140,2025-06-14T09:15:25.020000 CVE-2025-6070,0,0,ae440df732d231f7ffcd78cb09e2ed1b1c8a60913b6e4fb5a0be81a26a0ad612,2025-06-14T09:15:25.180000 CVE-2025-6083,0,0,5e291165aed4c74479ba71d7ab91f6f809097d9cd4c0b19093249b128e4fa523,2025-06-13T22:15:19.500000 -CVE-2025-6089,1,1,1082dde39a9a857add821028ed23d128072d550fdb8ad36ad1f948e836ba053f,2025-06-15T13:15:33.353000 +CVE-2025-6089,0,0,1082dde39a9a857add821028ed23d128072d550fdb8ad36ad1f948e836ba053f,2025-06-15T13:15:33.353000 +CVE-2025-6090,1,1,e27818139ece2411b32b2e625852fcc342cc8f5d5f99f49ddd3d8c5d380302a8,2025-06-15T15:15:19.303000