Auto-Update: 2025-05-03T16:00:19.774645+00:00

2025-06-19 17:31:42 +00:00 · 2025-05-03 16:03:53 +00:00 · 2025-05-03 16:03:53 +00:00 · 56e2ecb552
commit 56e2ecb552
parent 4686d4d05f
4 changed files with 291 additions and 6 deletions
--- a/CVE-2025/CVE-2025-42xx/CVE-2025-4236.json
+++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4236.json
@ -0,0 +1,141 @@
+{
+  "id": "CVE-2025-4236",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-05-03T14:15:16.360",
+  "lastModified": "2025-05-03T14:15:16.360",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 6.9,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "LOW",
+          "vulnIntegrityImpact": "LOW",
+          "vulnAvailabilityImpact": "LOW",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+          "baseScore": 7.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 10.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-119"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fitoxs.com/exploit/exploit-900150983cd24fb0d6963f7d28e17f72.txt",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.307327",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.307327",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.561510",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-42xx/CVE-2025-4237.json
+++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4237.json
@ -0,0 +1,141 @@
+{
+  "id": "CVE-2025-4237",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-05-03T15:15:46.190",
+  "lastModified": "2025-05-03T15:15:46.190",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component MDELETE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 6.9,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "LOW",
+          "vulnIntegrityImpact": "LOW",
+          "vulnAvailabilityImpact": "LOW",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+          "baseScore": 7.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 10.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-119"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fitoxs.com/exploit/exploit-c4ca4238a0b923820dcc509a6f75849b.txt",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.307328",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.307328",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.561536",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-05-03T14:00:19.850335+00:00
+2025-05-03T16:00:19.774645+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-05-03T13:15:45.097000+00:00
+2025-05-03T15:15:46.190000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-292442
+292444
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

- [CVE-2025-37799](CVE-2025/CVE-2025-377xx/CVE-2025-37799.json) (`2025-05-03T12:15:14.950`)
+- [CVE-2025-4236](CVE-2025/CVE-2025-42xx/CVE-2025-4236.json) (`2025-05-03T14:15:16.360`)
+- [CVE-2025-4237](CVE-2025/CVE-2025-42xx/CVE-2025-4237.json) (`2025-05-03T15:15:46.190`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -291609,7 +291609,7 @@ CVE-2025-37795,0,0,5f43e8ceb755c5733fd8a35ddc7331855ed93d7583ae7af5b4b692f304a02
 CVE-2025-37796,0,0,428030d0653a748175c71827ea4c9ae20b71774709349878f4ddda1cd95c0c1c,2025-05-02T13:53:20.943000
 CVE-2025-37797,0,0,fd425782a48b046881f128317728db45417b5f38b0527d9336a706a21c37dd5f,2025-05-02T15:15:48.557000
 CVE-2025-37798,0,0,068915ee94d82c87e0b618724118634cebedff326c7a2b7bd3db281318e4f527,2025-05-02T15:15:48.657000
-CVE-2025-37799,1,1,1b1aeb667960c6540a0f210d3008cb36366a95ce248b841734c019f8d9628e8e,2025-05-03T13:15:45.097000
+CVE-2025-37799,0,0,1b1aeb667960c6540a0f210d3008cb36366a95ce248b841734c019f8d9628e8e,2025-05-03T13:15:45.097000
 CVE-2025-3783,0,0,08564e7625cce7923d54746f30fbc8f13bf12d9607faa6a7346084b96420b3f3,2025-04-23T18:03:35.193000
 CVE-2025-37838,0,0,4627751962794eed95b754bca312ed3f7d5516acc6a64aabcd85c08f967ca274,2025-05-02T07:16:04.937000
 CVE-2025-3785,0,0,34d9097de5cddb801f390505cfe685b8a98c847bdfd442c3d9a27ba845f11ce9,2025-04-21T14:23:45.950000
@ -292079,6 +292079,8 @@ CVE-2025-4215,0,0,5fd7a49b2f2c9f1e10a1eaa6aaf7951ee590f9e0aaf9c857c08ce31bb1852f
 CVE-2025-4218,0,0,a58de78c748f0c970b32963cfb0c0c4b002aa8f4aa47c3e31af6ad119f6d5528,2025-05-02T21:15:24.057000
 CVE-2025-4222,0,0,d7e55c8bdf6a556e71c00ab53da641e383f5a7392abda11a90f9dd5f2800bf1c,2025-05-03T03:15:29.217000
 CVE-2025-4226,0,0,256c886690389ae0541e1d1ea7f71899d0ed236ec6dc6f7c15cfa0dac8da60a3,2025-05-03T11:15:49.283000
+CVE-2025-4236,1,1,b02b73d2178832a88f0069b14b0ab050d3506e4246a4c6b03a35dfdf221c36c3,2025-05-03T14:15:16.360000
+CVE-2025-4237,1,1,b8dfb524fe6a3cc945f250dd88926768b7e86e7db972e69849a5847496c728cf,2025-05-03T15:15:46.190000
 CVE-2025-42598,0,0,4c400d87dc34a2b74819c41bbdd48bd1c3da0af3c35841d82c2177d30b1cb5f5,2025-04-29T13:52:10.697000
 CVE-2025-42599,0,0,d39e065342929b05f2b0a2b6fd7615d0e3f6e7c2f605fdbeb3b3bb9e83f12d93,2025-04-29T19:46:44.310000
 CVE-2025-42600,0,0,a98a7820b508b5a8b0c7d0f0dd6cbaa5b07d1e37b05a983a49eb79024a0cd435,2025-04-23T14:08:13.383000