From 997db68ed588d6e5eb576650826eacf1ddc85d7c Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 16 Apr 2025 06:03:55 +0000
Subject: [PATCH] Auto-Update: 2025-04-16T06:00:19.656527+00:00
---
CVE-2025/CVE-2025-220xx/CVE-2025-22018.json | 53 +++++++
CVE-2025/CVE-2025-36xx/CVE-2025-3666.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-36xx/CVE-2025-3667.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-36xx/CVE-2025-3668.json | 145 ++++++++++++++++++++
README.md | 23 ++--
_state.csv | 22 +--
6 files changed, 510 insertions(+), 23 deletions(-)
create mode 100644 CVE-2025/CVE-2025-220xx/CVE-2025-22018.json
create mode 100644 CVE-2025/CVE-2025-36xx/CVE-2025-3666.json
create mode 100644 CVE-2025/CVE-2025-36xx/CVE-2025-3667.json
create mode 100644 CVE-2025/CVE-2025-36xx/CVE-2025-3668.json
diff --git a/CVE-2025/CVE-2025-220xx/CVE-2025-22018.json b/CVE-2025/CVE-2025-220xx/CVE-2025-22018.json
new file mode 100644
index 00000000000..126aabf4c91
--- /dev/null
+++ b/CVE-2025/CVE-2025-220xx/CVE-2025-22018.json
@@ -0,0 +1,53 @@ +{ + "id": "CVE-2025-22018", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-04-16T05:15:31.297", + "lastModified": "2025-04-16T05:15:31.297", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Fix NULL pointer dereference\n\nWhen MPOA_cache_impos_rcvd() receives the msg, it can trigger\nNull Pointer Dereference Vulnerability if both entry and\nholding_time are NULL. Because there is only for the situation\nwhere entry is NULL and holding_time exists, it can be passed\nwhen both entry and holding_time are NULL. If these are NULL,\nthe entry will be passd to eg_cache_put() as parameter and\nit is referenced by entry->use code in it.\n\nkasan log:\n\n[ 3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I\n[ 3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[ 3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102\n[ 3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470\n[ 3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80\n[ 3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006\n[ 3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e\n[ 3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030\n[ 3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88\n[ 3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15\n[ 3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068\n[ 3.324185] FS: 000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000\n[ 3.325042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 
CR4: 00000000000006f0\n[ 3.326430] Call Trace:\n[ 3.326725] \n[ 3.326927] ? die_addr+0x3c/0xa0\n[ 3.327330] ? exc_general_protection+0x161/0x2a0\n[ 3.327662] ? asm_exc_general_protection+0x26/0x30\n[ 3.328214] ? vprintk_emit+0x15e/0x420\n[ 3.328543] ? eg_cache_remove_entry+0xa5/0x470\n[ 3.328910] ? eg_cache_remove_entry+0x9a/0x470\n[ 3.329294] ? __pfx_eg_cache_remove_entry+0x10/0x10\n[ 3.329664] ? console_unlock+0x107/0x1d0\n[ 3.329946] ? __pfx_console_unlock+0x10/0x10\n[ 3.330283] ? do_syscall_64+0xa6/0x1a0\n[ 3.330584] ? entry_SYSCALL_64_after_hwframe+0x47/0x7f\n[ 3.331090] ? __pfx_prb_read_valid+0x10/0x10\n[ 3.331395] ? down_trylock+0x52/0x80\n[ 3.331703] ? vprintk_emit+0x15e/0x420\n[ 3.331986] ? __pfx_vprintk_emit+0x10/0x10\n[ 3.332279] ? down_trylock+0x52/0x80\n[ 3.332527] ? _printk+0xbf/0x100\n[ 3.332762] ? __pfx__printk+0x10/0x10\n[ 3.333007] ? _raw_write_lock_irq+0x81/0xe0\n[ 3.333284] ? __pfx__raw_write_lock_irq+0x10/0x10\n[ 3.333614] msg_from_mpoad+0x1185/0x2750\n[ 3.333893] ? __build_skb_around+0x27b/0x3a0\n[ 3.334183] ? __pfx_msg_from_mpoad+0x10/0x10\n[ 3.334501] ? __alloc_skb+0x1c0/0x310\n[ 3.334809] ? __pfx___alloc_skb+0x10/0x10\n[ 3.335283] ? _raw_spin_lock+0xe0/0xe0\n[ 3.335632] ? finish_wait+0x8d/0x1e0\n[ 3.335975] vcc_sendmsg+0x684/0xba0\n[ 3.336250] ? __pfx_vcc_sendmsg+0x10/0x10\n[ 3.336587] ? __pfx_autoremove_wake_function+0x10/0x10\n[ 3.337056] ? fdget+0x176/0x3e0\n[ 3.337348] __sys_sendto+0x4a2/0x510\n[ 3.337663] ? __pfx___sys_sendto+0x10/0x10\n[ 3.337969] ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400\n[ 3.338364] ? sock_ioctl+0x1bb/0x5a0\n[ 3.338653] ? __rseq_handle_notify_resume+0x825/0xd20\n[ 3.339017] ? __pfx_sock_ioctl+0x10/0x10\n[ 3.339316] ? __pfx___rseq_handle_notify_resume+0x10/0x10\n[ 3.339727] ? selinux_file_ioctl+0xa4/0x260\n[ 3.340166] __x64_sys_sendto+0xe0/0x1c0\n[ 3.340526] ? 
syscall_exit_to_user_mode+0x123/0x140\n[ 3.340898] do_syscall_64+0xa6/0x1a0\n[ 3.341170] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 3.341533] RIP: 0033:0x44a380\n[ 3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00\n[ \n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/09691f367df44fe93255274d80a439f9bb3263fc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/0ef6e49881b6b50ac454cb9d6501d009fdceb6fc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/14c7aca5ba2740973de27c1bb8df77b4dcb6f775", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1505f9b720656b17865e4166ab002960162bf679", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3c23bb2c894e9ef2727682f98c341b20f78c9013", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9da6b6340dbcf0f60ae3ec6a7d6438337c32518a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ab92f51c7f53a08f1a686bfb80690ebb3672357d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bf2986fcf82a449441f9ee4335df19be19e83970", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d7f1e4a53a51cc6ba833afcb40439f18dab61c1f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3666.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3666.json new file mode 100644 index 00000000000..2feb916daf7 --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3666.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-3666", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-16T04:15:23.040", + "lastModified": "2025-04-16T04:15:23.040", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + 
"modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setDdnsCfg-1cb53a41781f8001b9c0f345a120e2e7?pvs=4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.304844", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?id.304844", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.551298", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.totolink.net/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3667.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3667.json new file mode 100644 index 00000000000..9720f4f7fb3 --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3667.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-3667", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-16T05:15:32.660", + "lastModified": "2025-04-16T05:15:32.660", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + 
"modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setUPnPCfg-1cb53a41781f802b8b16f973366ee5e3?pvs=4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.304845", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?id.304845", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.551299", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.totolink.net/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3668.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3668.json new file mode 100644 index 00000000000..6e817beccd1 --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3668.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-3668", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-16T05:15:33.003", + "lastModified": "2025-04-16T05:15:33.003", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. This vulnerability affects the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + 
"modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setScheduleCfg-1cb53a41781f8042a841e2e19e010464?pvs=4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.304846", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?id.304846", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.551300", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.totolink.net/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 85451ecc927..97661cdedae 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-16T04:00:19.757928+00:00 +2025-04-16T06:00:19.656527+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-16T03:15:18.223000+00:00 +2025-04-16T05:15:33.003000+00:00 ``` ### Last Data Feed Release 
@@ -33,28 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -290102 +290106 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `4` -- [CVE-2024-13452](CVE-2024/CVE-2024-134xx/CVE-2024-13452.json) (`2025-04-16T03:15:17.067`) -- [CVE-2025-2314](CVE-2025/CVE-2025-23xx/CVE-2025-2314.json) (`2025-04-16T03:15:17.240`) -- [CVE-2025-30100](CVE-2025/CVE-2025-301xx/CVE-2025-30100.json) (`2025-04-16T02:15:41.270`) -- [CVE-2025-3495](CVE-2025/CVE-2025-34xx/CVE-2025-3495.json) (`2025-04-16T03:15:17.530`) -- [CVE-2025-3663](CVE-2025/CVE-2025-36xx/CVE-2025-3663.json) (`2025-04-16T03:15:17.680`) -- [CVE-2025-3664](CVE-2025/CVE-2025-36xx/CVE-2025-3664.json) (`2025-04-16T03:15:17.883`) -- [CVE-2025-3665](CVE-2025/CVE-2025-36xx/CVE-2025-3665.json) (`2025-04-16T03:15:18.057`) -- [CVE-2025-3698](CVE-2025/CVE-2025-36xx/CVE-2025-3698.json) (`2025-04-16T03:15:18.223`) +- [CVE-2025-22018](CVE-2025/CVE-2025-220xx/CVE-2025-22018.json) (`2025-04-16T05:15:31.297`) +- [CVE-2025-3666](CVE-2025/CVE-2025-36xx/CVE-2025-3666.json) (`2025-04-16T04:15:23.040`) +- [CVE-2025-3667](CVE-2025/CVE-2025-36xx/CVE-2025-3667.json) (`2025-04-16T05:15:32.660`) +- [CVE-2025-3668](CVE-2025/CVE-2025-36xx/CVE-2025-3668.json) (`2025-04-16T05:15:33.003`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2025-3155](CVE-2025/CVE-2025-31xx/CVE-2025-3155.json) (`2025-04-16T03:15:17.380`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 036fe00700e..ca09d8df2f5 100644 --- a/_state.csv +++ b/_state.csv 
@@ -247932,7 +247932,7 @@ CVE-2024-13448,0,0,99bef776585fb11dba8e8ef9f028b4f3c7371956a91f9b56a4977bbe471e6 CVE-2024-13449,0,0,52b88677fd423c43b44e149505ef75bf01f315f780529f08af2d104c0e8e8913,2025-02-04T18:12:53.713000 CVE-2024-1345,0,0,b705c881b64934a656687f4bb2d7ed2b74763da5751afa84b0b2fd5eae033431,2025-03-24T17:12:18.113000 CVE-2024-13450,0,0,43fcdfa95c84c4f9958bcf0ed96f0c3b1c10185c108adb08c789dbe5f2feb02b,2025-02-04T20:48:58 -CVE-2024-13452,1,1,2079e104d1bed0137893188a6db0bbcc1e1ab71aca174566063b19936f12faf5,2025-04-16T03:15:17.067000 +CVE-2024-13452,0,0,2079e104d1bed0137893188a6db0bbcc1e1ab71aca174566063b19936f12faf5,2025-04-16T03:15:17.067000 CVE-2024-13453,0,0,e64fc58d83e3540bb01a99edb8cd9df274ae0c7a0249b0fd357ec05d1fc54281,2025-02-18T19:15:13.770000 CVE-2024-13454,0,0,14313d18c59abf0795f9e65c924b2232675b3f5fcf8c69fe1d32af5f5cac5a65,2025-01-21T20:15:30.793000 CVE-2024-13455,0,0,8457fc75e884c82a6bed373b6665661978e54463bf4d1b7eab90cc8af418d768,2025-02-25T03:29:41.680000 @@ -283811,6 +283811,7 @@ CVE-2025-22014,0,0,d0677bce9b40bf2440f1e3f05d26248d0f1a8e04e3af5766ae8663607da1e CVE-2025-22015,0,0,76ef40b09e4f1cb899d4a2ab31f22c4f6d8c6e60d75140b0b3e5777f401c7fbf,2025-04-08T18:13:53.347000 CVE-2025-22016,0,0,147b90da5e7863ebd9aa554a0d14ec0b4cb2770bdef3a66630422d63719c334c,2025-04-08T18:13:53.347000 CVE-2025-22017,0,0,47242ca22d32729ade7b3f671002250e206d140a0d8f74e89394f4529c76da51,2025-04-08T18:13:53.347000 +CVE-2025-22018,1,1,d327e10a541b12bcbf37dc757188fd2a7ab983d5f4cbe506b5820b89f5f4061c,2025-04-16T05:15:31.297000 CVE-2025-2202,0,0,cf0ba4cc9b924e183defbee63ce1af96a184cec0b7613a3c88b1e156bd38ec40,2025-03-17T11:15:37.970000 CVE-2025-2205,0,0,fbf363faec05dffcfc872bf5b989460ea4958dbb9808068cb2832da5e42818ef,2025-03-12T04:15:19.810000 CVE-2025-2206,0,0,6d4b6e8bdf6b24741a4430972818a20f8052ecfc15f1df2ff630f331c8dbd714,2025-03-11T20:15:18.487000 
@@ -284559,7 +284560,7 @@ CVE-2025-23125,0,0,2e6f0fce9ee8e787d649705f4cf1025930f6b72d6ac2efc70c4c1837b8d7d CVE-2025-23126,0,0,aec9ca15332b86ad22382c8419cfef8190ae4b723f5c3088974b31a1f5dd4089,2025-01-11T15:15:09.100000 CVE-2025-23127,0,0,ef1aeaee3e917139d62386eaa309c28fa46e54be8ed45ecdaab4f9d4f96931db,2025-01-11T15:15:09.173000 CVE-2025-23128,0,0,856260a69fb4f1bb5d13296c47ffc7dac686c7ca9a44fff8151b1b7f11a740a9,2025-01-11T15:15:09.250000 -CVE-2025-2314,1,1,a168ed8a8a8a7cfcbab4e3fb8a001b095c099632f3d69009fa8c80f6783c6347,2025-04-16T03:15:17.240000 +CVE-2025-2314,0,0,a168ed8a8a8a7cfcbab4e3fb8a001b095c099632f3d69009fa8c80f6783c6347,2025-04-16T03:15:17.240000 CVE-2025-2317,0,0,9ea9ba34615d5bc5ee8806158627db355af143699ea415828af46066a4160dd0,2025-04-07T14:18:15.560000 CVE-2025-23184,0,0,d117de9ebd2827a8b285a215a95edfb5f2bc8c36d298a840f4f419212fe8e651,2025-02-15T01:15:11.010000 CVE-2025-23185,0,0,6a8fc3993811d2ce0c7ae31663c2f10b11720d00b7d18acd6d25289de30c4360,2025-03-11T01:15:34.330000 @@ -288130,7 +288131,7 @@ CVE-2025-30092,0,0,81be76bd5e4d358e5e497793b136a481ab98791f4e442314445db080e37b8 CVE-2025-30093,0,0,1b6f9f05e31019a953ba5e0a3595825a9aa3d03b71a7b0fef4f489c7f79cb737,2025-03-28T18:11:40.180000 CVE-2025-30095,0,0,93e17bec8d1cf481725cf4f9bcf311125c6633428f3ca644a0806bd1e05b67db,2025-04-11T14:15:24.813000 CVE-2025-3010,0,0,0be162920eaabdfafeeb15da6565caf83eea25a19d64f9d941d63d7a5862718e,2025-04-01T20:26:22.890000 -CVE-2025-30100,1,1,f36b418785fbf99ed7e3d43ce256d83a9a639566d1d4080521516a5311ad481c,2025-04-16T02:15:41.270000 +CVE-2025-30100,0,0,f36b418785fbf99ed7e3d43ce256d83a9a639566d1d4080521516a5311ad481c,2025-04-16T02:15:41.270000 CVE-2025-30106,0,0,d0ec2fed531a791fcdb7e275c6cc676f11c96b4c23a970884370a41e87a3b6a0,2025-03-21T17:15:40.227000 CVE-2025-30107,0,0,7ae7d3e2db9a3bcfc7100b14968701083bbe2237ed720df55c99fa3bf4e70491,2025-03-24T22:15:14.450000 CVE-2025-30109,0,0,c697d3ced89db3fb240ff33efe8653842b736020e748d3eead592e6135cb99ac,2025-03-21T17:15:40.447000 
@@ -289050,7 +289051,7 @@ CVE-2025-31546,0,0,ea1a0fbb32fc0d8f843e251c2900c9f3bf773f8bead39ce5af4bea45a6c7d CVE-2025-31547,0,0,f5607c580924af16dd0ada70846ece32dcd8885ccfe1f299b8e940090918b0c6,2025-04-01T20:26:30.593000 CVE-2025-31548,0,0,d1b4214b4f31dcd8a9025f858166713a075840a49164ed00e12986869a0aecde,2025-04-02T14:58:07.527000 CVE-2025-31549,0,0,6e04d0af8bd8de1ee53eb25324158c685c942726fcb5a8e75e9378a9fbb44aac,2025-04-01T20:26:30.593000 -CVE-2025-3155,0,1,3f2f8cbb10b024f8148edc291194a81ce813e84f90c23c60b4a12cc9e9054afe,2025-04-16T03:15:17.380000 +CVE-2025-3155,0,0,3f2f8cbb10b024f8148edc291194a81ce813e84f90c23c60b4a12cc9e9054afe,2025-04-16T03:15:17.380000 CVE-2025-31550,0,0,83f208aa53a9d367608231584d9c7b6b24f74f32a0a08dd8a80b85123a4b82ee,2025-04-02T14:58:07.527000 CVE-2025-31551,0,0,01a6ff107cfbcc3282db3d6ad9a7d1be104aab604084a23cac69debe8b4c1934,2025-04-02T14:58:07.527000 CVE-2025-31552,0,0,acadf09f28068f6285801331d50088e92d056876ddaa343a4a85705dae7fcdc2,2025-04-02T14:58:07.527000 @@ -290031,7 +290032,7 @@ CVE-2025-3470,0,0,19aa6171d68cb7df7c1f3be18d7bfe917a85b5b7f1d5f3673d31726045a390 CVE-2025-3474,0,0,86c754cf553decd220dba53e5d0d63448d8121da39946fc69feccec714981904,2025-04-09T20:02:41.860000 CVE-2025-3475,0,0,443d35ed0e717701a1888d83d8695b8f16fb37648583a3e79025b880997d544a,2025-04-09T20:02:41.860000 CVE-2025-3489,0,0,67fcd6c9f94bb6bf638f4e8bb2240b0887ef71aca32f3728fb5180eccf26711c,2025-04-11T15:40:10.277000 -CVE-2025-3495,1,1,33f3b3c0a3fdb55ad65eb4232402007b3699ef75002cf367ec54d67d64f7957b,2025-04-16T03:15:17.530000 +CVE-2025-3495,0,0,33f3b3c0a3fdb55ad65eb4232402007b3699ef75002cf367ec54d67d64f7957b,2025-04-16T03:15:17.530000 CVE-2025-3512,0,0,036d013cd0e3204c7e29f8f12826d9befccf940571ea0ad101dc3475585d72f8,2025-04-11T15:39:52.920000 CVE-2025-3522,0,0,13b86e2113b9916628d4f3c98532160fc0a580631a97f6054902fe5b2e21cfb5,2025-04-15T19:16:08.057000 CVE-2025-3523,0,0,fa61e276ed520c60ef470d9ec997dd78ddb7b8dd8cb8ae65af3613434a0804b4,2025-04-15T18:39:27.967000 
@@ -290097,7 +290098,10 @@ CVE-2025-3613,0,0,9c314abbc6473987a4462c7f86d0ede7026d1a1d89f3e10127913343b31eed CVE-2025-3617,0,0,8b166380afe19241854c65e4319a7a4bf7fa4a3b21b435fec16e6239c6e67cc8,2025-04-15T18:39:27.967000 CVE-2025-3618,0,0,eda45473138c6808735db2df162e6171a422dd9195142056b67b3d52202066c7,2025-04-15T18:39:27.967000 CVE-2025-3622,0,0,6b7db9933e6b248f0000367113483a5e806bad53678214380c37af6b793ac885,2025-04-15T18:39:27.967000 -CVE-2025-3663,1,1,fa2e0960b918812c638afdd8c1c2fafb9b500a45bc96c2abddaf978fcf1b98a1,2025-04-16T03:15:17.680000 -CVE-2025-3664,1,1,cf22f719d3698b38e86a180ea4652dc27df85c18f033ca8e0b197b572edbf120,2025-04-16T03:15:17.883000 -CVE-2025-3665,1,1,1f4374ee4287f0666887b1c9fc6ecdfcbb0aa03e9e8bb8ffd16185df92964133,2025-04-16T03:15:18.057000 -CVE-2025-3698,1,1,ef82dc028cd253273764159d19762bdf354152d22755dd0186a08209438342d7,2025-04-16T03:15:18.223000 +CVE-2025-3663,0,0,fa2e0960b918812c638afdd8c1c2fafb9b500a45bc96c2abddaf978fcf1b98a1,2025-04-16T03:15:17.680000 +CVE-2025-3664,0,0,cf22f719d3698b38e86a180ea4652dc27df85c18f033ca8e0b197b572edbf120,2025-04-16T03:15:17.883000 +CVE-2025-3665,0,0,1f4374ee4287f0666887b1c9fc6ecdfcbb0aa03e9e8bb8ffd16185df92964133,2025-04-16T03:15:18.057000 +CVE-2025-3666,1,1,013c53642f9002028db16e0f6f66c915614dba9a66ded506d4bf5a7e3a4d6559,2025-04-16T04:15:23.040000 +CVE-2025-3667,1,1,1b2b51d7de6babb6a695353dfe57612a861c8ad2b5e591ebe4981ac8b2b614d3,2025-04-16T05:15:32.660000 +CVE-2025-3668,1,1,58342357ea7ebc8c499e4c8a044a0200fc62864e574b400d3c8f0e35870b4b7b,2025-04-16T05:15:33.003000 +CVE-2025-3698,0,0,ef82dc028cd253273764159d19762bdf354152d22755dd0186a08209438342d7,2025-04-16T03:15:18.223000