Auto-Update: 2025-03-22T03:00:21.258380+00:00

2025-05-05 10:18:41 +00:00 · 2025-03-22 03:03:51 +00:00 · 2025-03-22 03:03:51 +00:00 · 3f5d1301ea
commit 3f5d1301ea
parent 5faa797ecf
4 changed files with 89 additions and 21 deletions
--- a/CVE-2025/CVE-2025-297xx/CVE-2025-29783.json
+++ b/CVE-2025/CVE-2025-297xx/CVE-2025-29783.json
@ -2,13 +2,17 @@
  "id": "CVE-2025-29783",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2025-03-19T16:15:32.477",
-  "lastModified": "2025-03-19T16:15:32.477",
-  "vulnStatus": "Received",
+  "lastModified": "2025-03-22T01:15:30.443",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. This vulnerability is fixed in 0.8.0."
+    },
+    {
+      "lang": "es",
+      "value": "vLLM es un motor de inferencia y servicio de alto rendimiento y eficiente en el uso de memoria para LLM. Cuando vLLM se configura para usar Mooncake, la deserializaci\u00f3n insegura expuesta directamente a trav\u00e9s de ZMQ/TCP en todas las interfaces de red permitir\u00e1 a los atacantes ejecutar c\u00f3digo remoto en hosts distribuidos. Esta vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo afecta a cualquier implementaci\u00f3n que use Mooncake para distribuir KV entre hosts distribuidos. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 0.8.0."
    }
  ],
  "metrics": {
@ -18,19 +22,19 @@
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
-          "baseScore": 10.0,
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
-          "attackVector": "NETWORK",
+          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "LOW",
-          "privilegesRequired": "NONE",
+          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
-        "exploitabilityScore": 3.9,
+        "exploitabilityScore": 2.3,
        "impactScore": 6.0
      }
    ]
@ -38,7 +42,7 @@
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
-      "type": "Primary",
+      "type": "Secondary",
      "description": [
        {
          "lang": "en",
--- a/CVE-2025/CVE-2025-304xx/CVE-2025-30472.json
+++ b/CVE-2025/CVE-2025-304xx/CVE-2025-30472.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-30472",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-03-22T02:15:16.620",
+  "lastModified": "2025-03-22T02:15:16.620",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+          "baseScore": 9.0,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@mitre.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://corosync.org",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/corosync/corosync/blob/73ba225cc48ebb1903897c792065cb5e876613b0/exec/totemsrp.c#L4677",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/corosync/corosync/issues/778",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-03-22T00:55:19.341519+00:00
+2025-03-22T03:00:21.258380+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-03-21T23:15:21.613000+00:00
+2025-03-22T02:15:16.620000+00:00
 ```

 ### Last Data Feed Release
@ -27,28 +27,27 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2025-03-21T01:00:04.506834+00:00
+2025-03-22T01:00:04.370062+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-286189
+286190
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `1`

- [CVE-2025-2609](CVE-2025/CVE-2025-26xx/CVE-2025-2609.json) (`2025-03-21T23:15:21.493`)
- [CVE-2025-2610](CVE-2025/CVE-2025-26xx/CVE-2025-2610.json) (`2025-03-21T23:15:21.613`)
- [CVE-2025-26500](CVE-2025/CVE-2025-265xx/CVE-2025-26500.json) (`2025-03-21T23:15:21.327`)
+- [CVE-2025-30472](CVE-2025/CVE-2025-304xx/CVE-2025-30472.json) (`2025-03-22T02:15:16.620`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+- [CVE-2025-29783](CVE-2025/CVE-2025-297xx/CVE-2025-29783.json) (`2025-03-22T01:15:30.443`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -285307,9 +285307,9 @@ CVE-2025-26058,0,0,d6830ee74802882f622367eb3e014df2c057afc37826d4d9d4aaa490f6e8c
 CVE-2025-2606,0,0,04bf39061f2f0281bf11b170e40522613f7033a73aa103bab3635d4c3cadd805,2025-03-21T21:15:37.260000
 CVE-2025-2607,0,0,7f7b6ce6c9128b8e2a4e32f09ee50a1a649731d966f7c7aad7b942632a323627,2025-03-21T21:15:37.430000
 CVE-2025-2608,0,0,6154f4c95ab9ab878289179a091133b4bdb0b1f5a3bb16758adefdabb865f57c,2025-03-21T22:15:26.250000
-CVE-2025-2609,1,1,7b21c41b261b6158c5310edb04b5cc2a367339014900651dec4048e891b30024,2025-03-21T23:15:21.493000
+CVE-2025-2609,0,0,7b21c41b261b6158c5310edb04b5cc2a367339014900651dec4048e891b30024,2025-03-21T23:15:21.493000
 CVE-2025-26091,0,0,0a53a3c2cb2d2c7caf4bc303bc2b91dad9caaf8869a6ee9842c32b5a6487c809,2025-03-04T17:15:18.243000
-CVE-2025-2610,1,1,46fa2e1103ee2b3232a528fc11a838861348ee0a3dad066e80c1f931cbbe7a20,2025-03-21T23:15:21.613000
+CVE-2025-2610,0,0,46fa2e1103ee2b3232a528fc11a838861348ee0a3dad066e80c1f931cbbe7a20,2025-03-21T23:15:21.613000
 CVE-2025-26125,0,0,d6bd5a75d4951f78a82236509754d95560a7f3fd72400cb1098121ae3778b2f5,2025-03-19T19:15:46.717000
 CVE-2025-26127,0,0,f0bbdd88ca25844410b8ed9592279ac8eda69e5d3712a1dfd40b529f1190e71e,2025-03-17T18:15:21.860000
 CVE-2025-26136,0,0,2adb34c79a3ec7fe584c4e7725e79c104805fdaa01d3b24e5975e14259ccd144,2025-03-05T17:15:16.017000
@ -285405,7 +285405,7 @@ CVE-2025-26492,0,0,10f610a7afe531efeeb1575e93a64c84a3a6f9453498a7cd0479c1add3e10
 CVE-2025-26493,0,0,f799a8cc0e301789ed68586a5557695a6ad2df626328779fd09deada6e66bea3,2025-02-11T14:15:31.473000
 CVE-2025-26494,0,0,9fa7dddcdaa3cd38f994e8d5f44807b1011184fd2f20f9f1171b97bd05f68ad5,2025-02-19T22:15:24.083000
 CVE-2025-26495,0,0,983e2fd32f57fd04049b2b771442705c11716769548e3c408ea9243e53d33e3b,2025-03-04T21:15:14.020000
-CVE-2025-26500,1,1,476e36bea575ec0f48bccd9f90b81b0779f14f9f3be6366ed83ebedcdfc30e59,2025-03-21T23:15:21.327000
+CVE-2025-26500,0,0,476e36bea575ec0f48bccd9f90b81b0779f14f9f3be6366ed83ebedcdfc30e59,2025-03-21T23:15:21.327000
 CVE-2025-26506,0,0,fbc7fbe48e89907d7f54c9d44bbfddf8def7e8f962f2da16afa56ece7168f990,2025-02-14T17:15:22.747000
 CVE-2025-26507,0,0,95b908cc64a72128294640690e70f9b52cb7f86d46bb5d8b6708727a9b7abcf3,2025-02-14T17:15:22.863000
 CVE-2025-26508,0,0,d39bd75c34a7083f955ea70add860587db1f6572db6bc11a7a1abfe21efc97ea,2025-02-14T17:15:22.983000
@ -286106,7 +286106,7 @@ CVE-2025-29779,0,0,2361210c87aea68a061209bb7c5182c2d3e935d41cf70eb515101cd965c3f
 CVE-2025-29780,0,0,3f4344500d740252b7365e0690ae4abe59605b1a5689a12595ae0031d06c80ce,2025-03-19T16:15:32.320000
 CVE-2025-29781,0,0,11468da575bc88f83630d2a3c1d3c52c4633da5dfa93d1362d874e9a4b38aa60,2025-03-18T15:16:00.747000
 CVE-2025-29782,0,0,a79518f63be9c881de8db0a0651ea1fe984913327462a61af7597165766c4b7e,2025-03-14T19:15:49.190000
-CVE-2025-29783,0,0,db74f85841bd9809c8600d964236b928a780182e8654e1d06f307b6503682f24,2025-03-19T16:15:32.477000
+CVE-2025-29783,0,1,45d2b00d8a588bece93df8bfaa38fd733283ba2670cda9e32612d412a0ff1e78,2025-03-22T01:15:30.443000
 CVE-2025-29786,0,0,0c40fa5408515757638473e28641812347d31da5efea9c126f50ced0bd11d506,2025-03-17T14:15:22.237000
 CVE-2025-29787,0,0,f2e861b6c4dbf868707fba7b3fb131d1b9814d3e4021455a52a8a2d5236bf0cb,2025-03-17T14:15:22.447000
 CVE-2025-29788,0,0,e1a88fbf2eb4e52db6d664e73916facba347fa2e80c6c15ea20d2760d435bf11,2025-03-17T14:15:22.653000
@ -286188,3 +286188,4 @@ CVE-2025-30346,0,0,12c54d9ba90206346439520e2259964548ecfd22e603768bd61d4be8b74cd
 CVE-2025-30347,0,0,5aaf3cff944de3cec59f823acc1d99e0f1bf167a4d8db3c3c92a29630e74ea6c,2025-03-21T07:15:37.527000
 CVE-2025-30348,0,0,63abfffda0f27ea7490322ebb3b845fa2348103ada5e44ecdac15f130d33dfc1,2025-03-21T07:15:37.673000
 CVE-2025-30349,0,0,5d6b1c837b52ea2e0b150e37502c6480a47b485a7d67b45f4ee88d21842fc776,2025-03-21T17:15:40.853000
+CVE-2025-30472,1,1,85399152b1fc2d9c05d60262346c19f5de2d6adfe37e52c27adbdd526d5ac32b,2025-03-22T02:15:16.620000