From 512fe45c2f542cd8345cbb9ea164ae5e31e4e0e2 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 22 Jun 2025 23:59:08 +0000 Subject: [PATCH] Auto-Update: 2025-06-22T23:55:25.904022+00:00 --- CVE-2025/CVE-2025-64xx/CVE-2025-6493.json | 141 +++++++++++++++++++++ CVE-2025/CVE-2025-64xx/CVE-2025-6494.json | 145 ++++++++++++++++++++++ README.md | 11 +- _state.csv | 4 +- 4 files changed, 295 insertions(+), 6 deletions(-) create mode 100644 CVE-2025/CVE-2025-64xx/CVE-2025-6493.json create mode 100644 CVE-2025/CVE-2025-64xx/CVE-2025-6494.json diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6493.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6493.json new file mode 100644 index 00000000000..639cff95bff --- /dev/null +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6493.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-6493", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-22T22:15:22.430", + "lastModified": "2025-06-22T22:15:22.430", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that \"CodeMirror 6 exists, and is [...] much more actively maintained.\"" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + }, + { + "lang": "en", + "value": "CWE-1333" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/codemirror/codemirror5/issues/7128", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.313610", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.313610", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.598875", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-64xx/CVE-2025-6494.json b/CVE-2025/CVE-2025-64xx/CVE-2025-6494.json new file mode 100644 index 00000000000..4fd73fc6f4c --- /dev/null +++ b/CVE-2025/CVE-2025-64xx/CVE-2025-6494.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-6494", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-22T23:15:20.103", + "lastModified": "2025-06-22T23:15:20.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in sparklemotion nokogiri up to 1.18.7. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "baseScore": 1.7, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sparklemotion/nokogiri/issues/3508", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.313611", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.313611", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.601006", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c9e0b16ba5f..c74c4873875 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-22T22:00:18.745315+00:00 +2025-06-22T23:55:25.904022+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-22T20:15:19.803000+00:00 +2025-06-22T23:15:20.103000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -299051 +299053 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -- [CVE-2025-6492](CVE-2025/CVE-2025-64xx/CVE-2025-6492.json) (`2025-06-22T20:15:19.803`) +- [CVE-2025-6493](CVE-2025/CVE-2025-64xx/CVE-2025-6493.json) (`2025-06-22T22:15:22.430`) +- [CVE-2025-6494](CVE-2025/CVE-2025-64xx/CVE-2025-6494.json) (`2025-06-22T23:15:20.103`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 957e93db7ad..265288b1886 100644 --- a/_state.csv +++ b/_state.csv @@ -299049,4 +299049,6 @@ CVE-2025-6486,0,0,9e16bc0241dddb621b6c91e25d2bb2260b532feb11518a7d0833a6e6c99132 CVE-2025-6487,0,0,24e784a232cd8f124d85013955e4e21551f714b100e952bb10e264db938b4b3c,2025-06-22T18:15:22.783000 CVE-2025-6489,0,0,971a9bd0a1a72ae3f73fdaf4e3d9d8c0dc708f0cae7d8404552c50114055ec65,2025-06-22T19:15:19.843000 CVE-2025-6490,0,0,b5785fba3d09e5e40c600b2d07cffbd3014815c7c72569b13ae7bca50f9eb9a0,2025-06-22T19:15:20.790000 -CVE-2025-6492,1,1,37c2ee6e912d11a549ad7370223cfbc8853f761832f2a62dffc4ba74e9ac72aa,2025-06-22T20:15:19.803000 +CVE-2025-6492,0,0,37c2ee6e912d11a549ad7370223cfbc8853f761832f2a62dffc4ba74e9ac72aa,2025-06-22T20:15:19.803000 +CVE-2025-6493,1,1,b07984a53cd9acdb838d53ec36f19bf2b78d39f60ec9fbcd3799653f00698e46,2025-06-22T22:15:22.430000 +CVE-2025-6494,1,1,86f1220d913db6a1ab74494e021685dc10d3e076bd7d139d8673bfd67dc71200,2025-06-22T23:15:20.103000