Auto-Update: 2025-07-05T02:00:11.266622+00:00

2025-07-09 16:05:11 +00:00 · 2025-07-05 02:03:47 +00:00 · 2025-07-05 02:03:47 +00:00 · 9188025b49
commit 9188025b49
parent b4bd497eac
7 changed files with 331 additions and 13 deletions
--- a/CVE-2025/CVE-2025-268xx/CVE-2025-26850.json
+++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26850.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2025-26850",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-07-05T00:15:22.670",
+  "lastModified": "2025-07-05T00:15:22.670",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+          "baseScore": 9.3,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@mitre.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://support.quest.com/kb/4378559/quest-response-to-kace-sma-agent-vulnerability-cve-2025-26850",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-437xx/CVE-2025-43711.json
+++ b/CVE-2025/CVE-2025-437xx/CVE-2025-43711.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-43711",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-07-05T00:15:23.733",
+  "lastModified": "2025-07-05T00:15:23.733",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.4,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@mitre.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-459"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://tunnelblick.net/cCVE-2025-43711.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://tunnelblick.net/downloads.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-536xx/CVE-2025-53603.json
+++ b/CVE-2025/CVE-2025-536xx/CVE-2025-53603.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2025-53603",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-07-05T01:15:27.360",
+  "lastModified": "2025-07-05T01:15:27.360",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@mitre.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/Alinto/sope/blob/3146fbdb6ff3314e37e5c3682deeeef7d0f32064/sope-core/NGExtensions/NGHashMap.m#L790",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/Alinto/sope/compare/SOGo-2.0.1...SOGo-2.0.2",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/Alinto/sope/pull/69",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.openwall.com/lists/oss-security/2025/07/02/3",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-536xx/CVE-2025-53604.json
+++ b/CVE-2025/CVE-2025-536xx/CVE-2025-53604.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-53604",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-07-05T01:15:28.340",
+  "lastModified": "2025-07-05T01:15:28.340",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
+          "baseScore": 4.0,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@mitre.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-130"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://crates.io/crates/web-push",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/pimeys/rust-web-push/pull/68",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0015.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-536xx/CVE-2025-53605.json
+++ b/CVE-2025/CVE-2025-536xx/CVE-2025-53605.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2025-53605",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2025-07-05T01:15:28.523",
+  "lastModified": "2025-07-05T01:15:28.523",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@mitre.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-674"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://crates.io/crates/protobuf",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/stepancheg/rust-protobuf/issues/749",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://rustsec.org/advisories/RUSTSEC-2024-0437",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-07-04T23:55:11.060635+00:00
+2025-07-05T02:00:11.266622+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-07-04T23:15:21.760000+00:00
+2025-07-05T01:15:28.523000+00:00
 ```

 ### Last Data Feed Release
@ -27,23 +27,24 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2025-07-04T00:00:02.110622+00:00
+2025-07-05T00:00:02.114865+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-300436
+300441
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `5`

- [CVE-2025-48952](CVE-2025/CVE-2025-489xx/CVE-2025-48952.json) (`2025-07-04T23:15:21.760`)
- [CVE-2025-53365](CVE-2025/CVE-2025-533xx/CVE-2025-53365.json) (`2025-07-04T22:15:22.117`)
- [CVE-2025-53366](CVE-2025/CVE-2025-533xx/CVE-2025-53366.json) (`2025-07-04T22:15:22.300`)
- [CVE-2025-7070](CVE-2025/CVE-2025-70xx/CVE-2025-7070.json) (`2025-07-04T22:15:22.450`)
+- [CVE-2025-26850](CVE-2025/CVE-2025-268xx/CVE-2025-26850.json) (`2025-07-05T00:15:22.670`)
+- [CVE-2025-43711](CVE-2025/CVE-2025-437xx/CVE-2025-43711.json) (`2025-07-05T00:15:23.733`)
+- [CVE-2025-53603](CVE-2025/CVE-2025-536xx/CVE-2025-53603.json) (`2025-07-05T01:15:27.360`)
+- [CVE-2025-53604](CVE-2025/CVE-2025-536xx/CVE-2025-53604.json) (`2025-07-05T01:15:28.340`)
+- [CVE-2025-53605](CVE-2025/CVE-2025-536xx/CVE-2025-53605.json) (`2025-07-05T01:15:28.523`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -289537,6 +289537,7 @@ CVE-2025-26846,0,0,2164767227730b28c4b4868da96f4f5c7bb49b369c35864b07c2710ae6186
 CVE-2025-26847,0,0,3d233c816c39dc38d8668bdd12825abe7f5cae8144b9287d9334a3289625d929,2025-05-16T15:39:00.600000
 CVE-2025-26849,0,0,b01e97de5d13c5e322817bb01db0ae13a4e34f402b7f75a8f8b8da54efb28ebd,2025-03-05T04:15:12.367000
 CVE-2025-2685,0,0,e47390d79e6358f0707017a49a80b868500d2e61df885503f5f07ed00adc5d2f,2025-03-27T16:45:27.850000
+CVE-2025-26850,1,1,01a03d0b12a942aa835d04a5d8dbdf01ed542e65767299680a56d58e3097c5d5,2025-07-05T00:15:22.670000
 CVE-2025-26852,0,0,d2fbc16260605a1399a1a51f29d4909881f6e74e5303f79849970f70fec18739,2025-04-23T18:59:47.253000
 CVE-2025-26853,0,0,b4d501221b958b69b8680b27722da7876f60455a590dcd68bb308199eb3f564e,2025-04-23T19:13:36.757000
 CVE-2025-26856,0,0,7824298cfc11aa81d23219a23487dd842dd5c11d44f90723ef1786188c90cd64,2025-02-20T06:15:21.673000
@ -295867,6 +295868,7 @@ CVE-2025-43701,0,0,cdb9e5c0513ac4fc64d1742761490b6e885c34f05f46ce897491703334c8a
 CVE-2025-43703,0,0,d6625a868be77b8d7893d215165a3a98f3361eec5aed450c8d69ce3a9dfaf391,2025-04-17T20:21:48.243000
 CVE-2025-43704,0,0,e4a4f68c1c515be2555ad90b5dc0fde58f5ff1d76445660f48da718ee733becf,2025-04-17T20:21:48.243000
 CVE-2025-43708,0,0,d38c003beeae09584e47fb48659652128bc4a5d2c5ae13da147de319358e0588,2025-04-17T20:21:48.243000
+CVE-2025-43711,1,1,41ec2e168dee2a12ef3e8b130af5b1288ee1d1434f1cc9b3bcb199c9f8b3412b,2025-07-05T00:15:23.733000
 CVE-2025-43713,0,0,c9e23d81a895e248042f74cdcb8eff35537bd8bc75ccec0bd91d3702849f3977,2025-07-03T15:13:53.147000
 CVE-2025-43714,0,0,cb1496a71eb67171c1556f15fdd8377c3f3c264e0a77af928be602b0d89248f5,2025-06-12T16:24:24.810000
 CVE-2025-43715,0,0,16cf4954d648fd87012f5a88d33c7f63ff2347a1f446f7ec65261364d5ff03d8,2025-04-17T20:21:48.243000
@ -298068,7 +298070,7 @@ CVE-2025-48949,0,0,fc8b75cb76f12da9c381ba1cbe524a49076c2a7b248109a10affb97261136
 CVE-2025-4895,0,0,451159abdd179506166eda92c0cc3ecdcfca15d4a903bf6a2c0ccf029c166653,2025-05-21T19:37:48.777000
 CVE-2025-48950,0,0,cc973f7c5355f4974e0729310c9855d4650934cbce88e929f2539748e53aae88,2025-06-04T14:54:33.783000
 CVE-2025-48951,0,0,ede6a9271ef2c495a550496dbd581ce6ffb53f4b9f98c935ca8083cc1b4fd602,2025-06-04T21:15:40.580000
-CVE-2025-48952,1,1,d6937bc4609a057824c1dde97cf5f87bb50a777073b76c9325e7e0feb04b027a,2025-07-04T23:15:21.760000
+CVE-2025-48952,0,0,d6937bc4609a057824c1dde97cf5f87bb50a777073b76c9325e7e0feb04b027a,2025-07-04T23:15:21.760000
 CVE-2025-48953,0,0,70684a4684db41347c8126e913d4ccc37a9d8250a7889d7b10445edb04853791,2025-06-04T14:54:33.783000
 CVE-2025-48954,0,0,9a5d9fdbff1bbd7ba308d1268f50bac1e3ed28dbf527070a93b616756ee29907,2025-06-26T18:57:43.670000
 CVE-2025-48955,0,0,560b04619e43ec6eda07e48b947f9bc229ed274e024fa427eb478249da962f8f,2025-06-02T17:32:17.397000
@ -299221,8 +299223,8 @@ CVE-2025-5335,0,0,5abfb5e74bc6ec2f8ed9b95f56ffcbd4f93dcd183997df85e24502ad959346
 CVE-2025-53358,0,0,3d97a4954e653a509d4005c71cf64fbb269b7293bb5ffaddd5ae485b7c74944b,2025-07-03T15:13:53.147000
 CVE-2025-53359,0,0,45ed40db77640f47ba583ca32d5c60d80ffbacd98c4463b392cad98fdcfa3117,2025-07-03T15:13:53.147000
 CVE-2025-5336,0,0,51ebbfc8a6c001d043ad92fbb70974a3ccedacbc8290bd5643cc8faeb9732c02,2025-06-16T12:32:18.840000
-CVE-2025-53365,1,1,a04aa20f634d5cc2c76b3a5c2c874b1fc6afa8cec04d4c06c28eedb595b84aa8,2025-07-04T22:15:22.117000
-CVE-2025-53366,1,1,278f06f71382e3197b901b5af1601584aeb379b793bf57697bcc9c6384d7f89c,2025-07-04T22:15:22.300000
+CVE-2025-53365,0,0,a04aa20f634d5cc2c76b3a5c2c874b1fc6afa8cec04d4c06c28eedb595b84aa8,2025-07-04T22:15:22.117000
+CVE-2025-53366,0,0,278f06f71382e3197b901b5af1601584aeb379b793bf57697bcc9c6384d7f89c,2025-07-04T22:15:22.300000
 CVE-2025-53367,0,0,53fcb440f7d5bc00881a51ca9bbc481ac0441fcc6f11b71200db91212c4ee6c6,2025-07-03T22:15:21.140000
 CVE-2025-53368,0,0,be3c0a7f58e2bbd4e68679c536da2e841620327ebe3522ae8a918c23f429e2ff,2025-07-03T20:15:23.577000
 CVE-2025-53369,0,0,935c1344485ff5b914be62cc3781976d8c660c47c3bc47debabf78b9f979ea5a,2025-07-03T20:15:23.737000
@ -299273,6 +299275,9 @@ CVE-2025-53599,0,0,111b60ab172be48052b423c979314dcd8f917153e5cc0bf41e87ee1416b2b
 CVE-2025-5360,0,0,f6f6f0a68bcc88f729faa5e7b6e62c265dbe0f87de895580450e0ebfdb395bd6,2025-06-03T15:35:19.237000
 CVE-2025-53600,0,0,45e4b949bc6405088d1f4c8d66b4b394a5ccae231bce59e0ab096930b3dbdb3b,2025-07-04T08:15:25.823000
 CVE-2025-53602,0,0,4fbb0da67d943a966608913bc985271718ea508f9069cf69ef43d7e44a315671,2025-07-04T21:15:23.560000
+CVE-2025-53603,1,1,0ef57944661b4a8c37178144fe0bcd4e8f50c238641c089e241bfcc769261b09,2025-07-05T01:15:27.360000
+CVE-2025-53604,1,1,1bab9e277cfa892c064c40bbba3b5c77ef51c31c8d81c51bf21cb4ac9451d9e9,2025-07-05T01:15:28.340000
+CVE-2025-53605,1,1,e1850a90bbd00208fdd0f92f6be0091829f3c2d4f97e87d63797a52d65dc4d4d,2025-07-05T01:15:28.523000
 CVE-2025-5361,0,0,63ed55da0a8819c3072e9ae5cbf20f6ad96bd8fa3415071144a15d946aef0cb0,2025-06-03T15:35:09.950000
 CVE-2025-5362,0,0,33b74730f9e7ac14985e93de797c2da60e582983293fbae692e330f50a44162c,2025-06-03T15:34:57.473000
 CVE-2025-5363,0,0,d48d3a878cc2187658148b214cb6829e36972108c01dfa0cb86b9cac54da6616,2025-06-03T15:34:39.567000
@ -300434,4 +300439,4 @@ CVE-2025-7066,0,0,998f6b55a42342a8b0f4fda5076c6090356f0a52d1edd36c9bb39b315048f3
 CVE-2025-7067,0,0,ef4baff7115bd21a0a6909e0c3045023f49e50286af658a7d9865083709da10c,2025-07-04T18:15:23.610000
 CVE-2025-7068,0,0,39683738c2c7b611d3d7f7a9ea910628930e44658205b4c41e69f865d1b9010b,2025-07-04T21:15:23.770000
 CVE-2025-7069,0,0,a8925f52082dbe5c58f7eabd312512eb1093b5a4e00cdea22b79df2980ac7481,2025-07-04T21:15:23.967000
-CVE-2025-7070,1,1,5f1d750a5e8c3a8f6a22a3c4ba050db3b74a14614263bd616051bd77ed245d73,2025-07-04T22:15:22.450000
+CVE-2025-7070,0,0,5f1d750a5e8c3a8f6a22a3c4ba050db3b74a14614263bd616051bd77ed245d73,2025-07-04T22:15:22.450000