diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4236.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4236.json
new file mode 100644
index 00000000000..2a0fb45dcbd
--- /dev/null
+++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4236.json
@@ -0,0 +1,141 @@
+{
+ "id": "CVE-2025-4236",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-05-03T14:15:16.360",
+ "lastModified": "2025-05-03T14:15:16.360",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "LOW",
+ "vulnIntegrityImpact": "LOW",
+ "vulnAvailabilityImpact": "LOW",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "baseScore": 7.5,
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 10.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fitoxs.com/exploit/exploit-900150983cd24fb0d6963f7d28e17f72.txt",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.307327",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.307327",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.561510",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4237.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4237.json
new file mode 100644
index 00000000000..3227d433968
--- /dev/null
+++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4237.json
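Review bot: The description's "classified as critical" does not match the scores in the same record, where the Primary metric is `"baseScore": 7.3` / `"baseSeverity": "HIGH"` (CVSS 3.1) and the 4.0 entry is 6.9 MEDIUM, so triage should read the metric fields and not the free text. With `"vulnStatus": "Received"` every metric and both CWE entries come from `cna@vuldb.com`, and the record has no `configurations` block, so CPE-based matching will not surface PCMan FTP Server 2.0.7 until NVD analyses it. The reference entries also carry no `tags`, which means a filter on an Exploit tag will miss this record even though the description says the exploit is public. The low C/I/A impact values look conservative for an unauthenticated network buffer overflow tagged CWE-119/CWE-120, though that is a judgement the page cannot confirm. The same points apply to CVE-2025-4237 in the next file.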
@@ -0,0 +1,141 @@
+{
+ "id": "CVE-2025-4237",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-05-03T15:15:46.190",
+ "lastModified": "2025-05-03T15:15:46.190",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component MDELETE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "LOW",
+ "vulnIntegrityImpact": "LOW",
+ "vulnAvailabilityImpact": "LOW",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "baseScore": 7.5,
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 10.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fitoxs.com/exploit/exploit-c4ca4238a0b923820dcc509a6f75849b.txt",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.307328",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.307328",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.561536",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No 
newline at end of file diff --git a/README.md b/README.md index c2f8b06ebe3..e5aa98dba27 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-05-03T14:00:19.850335+00:00 +2025-05-03T16:00:19.774645+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-05-03T13:15:45.097000+00:00 +2025-05-03T15:15:46.190000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -292442 +292444 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -- [CVE-2025-37799](CVE-2025/CVE-2025-377xx/CVE-2025-37799.json) (`2025-05-03T12:15:14.950`) +- [CVE-2025-4236](CVE-2025/CVE-2025-42xx/CVE-2025-4236.json) (`2025-05-03T14:15:16.360`) +- [CVE-2025-4237](CVE-2025/CVE-2025-42xx/CVE-2025-4237.json) (`2025-05-03T15:15:46.190`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 4f94fe08c9a..6f91aefacbd 100644 --- a/_state.csv +++ b/_state.csv 
@@ -291609,7 +291609,7 @@ CVE-2025-37795,0,0,5f43e8ceb755c5733fd8a35ddc7331855ed93d7583ae7af5b4b692f304a02 CVE-2025-37796,0,0,428030d0653a748175c71827ea4c9ae20b71774709349878f4ddda1cd95c0c1c,2025-05-02T13:53:20.943000 CVE-2025-37797,0,0,fd425782a48b046881f128317728db45417b5f38b0527d9336a706a21c37dd5f,2025-05-02T15:15:48.557000 CVE-2025-37798,0,0,068915ee94d82c87e0b618724118634cebedff326c7a2b7bd3db281318e4f527,2025-05-02T15:15:48.657000 -CVE-2025-37799,1,1,1b1aeb667960c6540a0f210d3008cb36366a95ce248b841734c019f8d9628e8e,2025-05-03T13:15:45.097000 +CVE-2025-37799,0,0,1b1aeb667960c6540a0f210d3008cb36366a95ce248b841734c019f8d9628e8e,2025-05-03T13:15:45.097000 CVE-2025-3783,0,0,08564e7625cce7923d54746f30fbc8f13bf12d9607faa6a7346084b96420b3f3,2025-04-23T18:03:35.193000 CVE-2025-37838,0,0,4627751962794eed95b754bca312ed3f7d5516acc6a64aabcd85c08f967ca274,2025-05-02T07:16:04.937000 CVE-2025-3785,0,0,34d9097de5cddb801f390505cfe685b8a98c847bdfd442c3d9a27ba845f11ce9,2025-04-21T14:23:45.950000 @@ -292079,6 +292079,8 @@ CVE-2025-4215,0,0,5fd7a49b2f2c9f1e10a1eaa6aaf7951ee590f9e0aaf9c857c08ce31bb1852f CVE-2025-4218,0,0,a58de78c748f0c970b32963cfb0c0c4b002aa8f4aa47c3e31af6ad119f6d5528,2025-05-02T21:15:24.057000 CVE-2025-4222,0,0,d7e55c8bdf6a556e71c00ab53da641e383f5a7392abda11a90f9dd5f2800bf1c,2025-05-03T03:15:29.217000 CVE-2025-4226,0,0,256c886690389ae0541e1d1ea7f71899d0ed236ec6dc6f7c15cfa0dac8da60a3,2025-05-03T11:15:49.283000 +CVE-2025-4236,1,1,b02b73d2178832a88f0069b14b0ab050d3506e4246a4c6b03a35dfdf221c36c3,2025-05-03T14:15:16.360000 +CVE-2025-4237,1,1,b8dfb524fe6a3cc945f250dd88926768b7e86e7db972e69849a5847496c728cf,2025-05-03T15:15:46.190000 CVE-2025-42598,0,0,4c400d87dc34a2b74819c41bbdd48bd1c3da0af3c35841d82c2177d30b1cb5f5,2025-04-29T13:52:10.697000 CVE-2025-42599,0,0,d39e065342929b05f2b0a2b6fd7615d0e3f6e7c2f605fdbeb3b3bb9e83f12d93,2025-04-29T19:46:44.310000 CVE-2025-42600,0,0,a98a7820b508b5a8b0c7d0f0dd6cbaa5b07d1e37b05a983a49eb79024a0cd435,2025-04-23T14:08:13.383000