diff --git a/CVE-2024/CVE-2024-581xx/CVE-2024-58131.json b/CVE-2024/CVE-2024-581xx/CVE-2024-58131.json
new file mode 100644
index 00000000000..041a3d1f45d
--- /dev/null
+++ b/CVE-2024/CVE-2024-581xx/CVE-2024-58131.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-58131",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-06T03:15:13.967",
+ "lastModified": "2025-04-06T03:15:13.967",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-821"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-581xx/CVE-2024-58132.json b/CVE-2024/CVE-2024-581xx/CVE-2024-58132.json
new file mode 100644
index 00000000000..cb6d6b9df7e
--- /dev/null
+++ b/CVE-2024/CVE-2024-581xx/CVE-2024-58132.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-58132",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-06T03:15:15.290",
+ "lastModified": "2025-04-06T03:15:15.290",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a panic."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-821"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.chainmaker.org.cn/chainmaker/issue/-/issues/1202",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-581xx/CVE-2024-58133.json b/CVE-2024/CVE-2024-581xx/CVE-2024-58133.json
new file mode 100644
index 00000000000..bf8962a09fe
--- /dev/null
+++ b/CVE-2024/CVE-2024-581xx/CVE-2024-58133.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-58133",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-06T03:15:15.437",
+ "lastModified": "2025-04-06T03:15:15.437",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Creating other logs simultaneously can lead to a read-write conflict and panic."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-821"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.chainmaker.org.cn/chainmaker/issue/-/issues/1228",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3307.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3307.json
new file mode 100644
index 00000000000..7fa7edf286d
--- /dev/null
+++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3307.json
@@ -0,0 +1,145 @@
+{
+ "id": "CVE-2025-3307",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-04-06T03:15:15.603",
+ "lastModified": "2025-04-06T03:15:15.603",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "LOW",
+ "vulnIntegrityImpact": "LOW",
+ "vulnAvailabilityImpact": "LOW",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "baseScore": 7.5,
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 10.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://code-projects.org/",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/p1026/CVE/issues/24",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.303504",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.303504",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url":
"https://vuldb.com/?submit.550192", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index f37f09826c1..1dc6e092944 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-06T02:00:19.546304+00:00 +2025-04-06T04:00:33.062171+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-06T01:15:40.663000+00:00 +2025-04-06T03:15:15.603000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -288705 +288709 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `4` -- [CVE-2025-3306](CVE-2025/CVE-2025-33xx/CVE-2025-3306.json) (`2025-04-06T01:15:40.663`) +- [CVE-2024-58131](CVE-2024/CVE-2024-581xx/CVE-2024-58131.json) (`2025-04-06T03:15:13.967`) +- [CVE-2024-58132](CVE-2024/CVE-2024-581xx/CVE-2024-58132.json) (`2025-04-06T03:15:15.290`) +- [CVE-2024-58133](CVE-2024/CVE-2024-581xx/CVE-2024-58133.json) (`2025-04-06T03:15:15.437`) +- [CVE-2025-3307](CVE-2025/CVE-2025-33xx/CVE-2025-3307.json) (`2025-04-06T03:15:15.603`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2025-32366](CVE-2025/CVE-2025-323xx/CVE-2025-32366.json) (`2025-04-06T00:15:18.980`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 2137547ee31..20a6f7bf4ef 100644 --- a/_state.csv +++ b/_state.csv 
@@ -277273,6 +277273,9 @@ CVE-2024-58128,0,0,2f080faeec9b7abd005e501afed73e7df0c396dabb6a1e25bf77fc72ecfac CVE-2024-58129,0,0,11e98106a59e025e34ac181bdadb4c8348e20bba976912e51d2c9c8ef8d2204d,2025-04-01T20:26:30.593000 CVE-2024-5813,0,0,53a768ef9b74ee03be1393dbcc310c528fc37406ef9a9107d27a6d2a3860c95b,2025-02-11T21:36:40.947000 CVE-2024-58130,0,0,b1da61426890522f6374bed5d854c2d8adfdac7556fa6282fde3bf2122dc7cb0,2025-04-01T20:26:30.593000 +CVE-2024-58131,1,1,9fd1d0f101e8504643dd97e11341423a7b57e2369ca3bb6c53dc98d5e69dcc9b,2025-04-06T03:15:13.967000 +CVE-2024-58132,1,1,63144f5332a5df63c528258323acf53fd624ad7a829f1669737504e10293900b,2025-04-06T03:15:15.290000 +CVE-2024-58133,1,1,2bec58de35812216083a092105ea8e4431fed0ed6a02e26ed74e4c4039d1fc18,2025-04-06T03:15:15.437000 CVE-2024-5814,0,0,409f119643711fe465e9fd028af3caf838fd31e85495ee2ac73938edab3d7b3e,2024-08-28T12:57:39.090000 CVE-2024-5815,0,0,aa6c60bd870ff05880c843bf9053a612a42ac0af7385b9bf8cbbf1b2da2f2182,2024-11-21T09:48:23.203000 CVE-2024-5816,0,0,c490583764d2ee04b708da0ed821af6513ea115f0c316a2acec1e6bc5b69b75a,2024-11-21T09:48:23.347000 
@@ -288671,7 +288674,7 @@ CVE-2025-3236,0,0,5d4e067380b83b38fff7db048531cbbf8dd6b43b2fc6d26b5d090f351b090b CVE-2025-32360,0,0,0e74289220e4b285c0e8748f3e1650706d339f80b6d12512f31f5c70a948d5d7,2025-04-05T21:15:40.820000 CVE-2025-32364,0,0,cfb2ebfabb62fc4b801fb2bf95fe1940970bfddc2ea9963730d3ab7bd79a8124,2025-04-05T22:15:18.337000 CVE-2025-32365,0,0,26d24ab60b153da5a84d5f59bd2fd2acbadd4a9a5ca08171ad2b1fd85144179a,2025-04-05T22:15:19.010000 -CVE-2025-32366,0,1,55ed558c8590729fba4d42dd8e9fca74dbbfd7a7c513816303bb4016f69cddc5,2025-04-06T00:15:18.980000 +CVE-2025-32366,0,0,55ed558c8590729fba4d42dd8e9fca74dbbfd7a7c513816303bb4016f69cddc5,2025-04-06T00:15:18.980000 CVE-2025-3237,0,0,2b0634913d301c0209a0690fb90ddcaa8b200550805a1d4ec2db149b30fd4af2,2025-04-04T10:15:17.383000 CVE-2025-3238,0,0,49b7638c423114327b5e6867f71919ab552663d9bb2b5517ae05eef59b2968e0,2025-04-04T10:15:17.577000 CVE-2025-3239,0,0,a890b57275ecd0351eb57a0ff486b7b7ddc21d7a21c77a8b45094fdc21902b92,2025-04-04T11:15:40.393000 @@ -288703,4 +288706,5 @@ CVE-2025-3299,0,0,bddd729a6927cb255675ce738cd015969a7cc6b02a8cfe6feb6b634f6ef818 CVE-2025-3303,0,0,6221e6ee3090234e52eafd095ff7bb4444c418778b5f3445b7a8782971faacf3,2025-04-05T21:15:40.990000 CVE-2025-3304,0,0,29a38ac7df74814842edc977ed145111a95ed8ef942f514c967d6026c5a64b93,2025-04-05T22:15:19.203000 CVE-2025-3305,0,0,b2c90129fe183fd0375eb40e77713311a1f1af30e665ffd707316b1c76fdc5b4,2025-04-05T23:15:41.780000 -CVE-2025-3306,1,1,8af2b5a7c28d3e6ac3e8cb07eb340dc6f7805a9ee07cb14217b9df657d2f2410,2025-04-06T01:15:40.663000 +CVE-2025-3306,0,0,8af2b5a7c28d3e6ac3e8cb07eb340dc6f7805a9ee07cb14217b9df657d2f2410,2025-04-06T01:15:40.663000 +CVE-2025-3307,1,1,63f106264214ff92c87fdac82ad9be3ac393f211140d772f87db85e9aba4f279,2025-04-06T03:15:15.603000