diff --git a/CVE-2020/CVE-2020-235xx/CVE-2020-23589.json b/CVE-2020/CVE-2020-235xx/CVE-2020-23589.json
index a929105b73a..870bb321e24 100644
--- a/CVE-2020/CVE-2020-235xx/CVE-2020-23589.json
+++ b/CVE-2020/CVE-2020-235xx/CVE-2020-23589.json
@@ -2,7 +2,7 @@
 "id": "CVE-2020-23589",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-23T02:15:09.310",
- "lastModified": "2024-11-21T05:13:56.107",
+ "lastModified": "2025-04-29T16:15:22.040",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-352"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2020/CVE-2020-235xx/CVE-2020-23590.json b/CVE-2020/CVE-2020-235xx/CVE-2020-23590.json
index 240931b2a2c..1be4ef56a5c 100644
--- a/CVE-2020/CVE-2020-235xx/CVE-2020-23590.json
+++ b/CVE-2020/CVE-2020-235xx/CVE-2020-23590.json
@@ -2,7 +2,7 @@
 "id": "CVE-2020-23590",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-23T02:15:09.367",
- "lastModified": "2024-11-21T05:13:56.240",
+ "lastModified": "2025-04-29T16:15:22.267",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-352"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2020/CVE-2020-235xx/CVE-2020-23591.json b/CVE-2020/CVE-2020-235xx/CVE-2020-23591.json
index c7db63ebf3f..34d91ccac9f 100644
--- a/CVE-2020/CVE-2020-235xx/CVE-2020-23591.json
+++ b/CVE-2020/CVE-2020-235xx/CVE-2020-23591.json
@@ -2,7 +2,7 @@
 "id": "CVE-2020-23591",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-23T02:15:09.413",
- "lastModified": "2024-11-21T05:13:56.377",
+ "lastModified": "2025-04-29T16:15:22.467",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-434"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2020/CVE-2020-235xx/CVE-2020-23592.json b/CVE-2020/CVE-2020-235xx/CVE-2020-23592.json
index ef5cc8c15dd..73dfd310290 100644
--- a/CVE-2020/CVE-2020-235xx/CVE-2020-23592.json
+++ b/CVE-2020/CVE-2020-235xx/CVE-2020-23592.json
@@ -2,7 +2,7 @@
 "id": "CVE-2020-23592",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-23T02:15:09.460",
- "lastModified": "2024-11-21T05:13:56.507",
+ "lastModified": "2025-04-29T16:15:22.650",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-352"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2020/CVE-2020-235xx/CVE-2020-23593.json b/CVE-2020/CVE-2020-235xx/CVE-2020-23593.json
index 8027351b599..a0490086c72 100644
--- a/CVE-2020/CVE-2020-235xx/CVE-2020-23593.json
+++ b/CVE-2020/CVE-2020-235xx/CVE-2020-23593.json
@@ -2,7 +2,7 @@
 "id": "CVE-2020-23593",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-23T01:15:09.757",
- "lastModified": "2024-11-21T05:13:56.637",
+ "lastModified": "2025-04-29T16:15:22.843",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-352"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2021/CVE-2021-293xx/CVE-2021-29334.json b/CVE-2021/CVE-2021-293xx/CVE-2021-29334.json
index 389467520c5..e04ff56de96 100644
--- a/CVE-2021/CVE-2021-293xx/CVE-2021-29334.json
+++ b/CVE-2021/CVE-2021-293xx/CVE-2021-29334.json
@@ -2,7 +2,7 @@
 "id": "CVE-2021-29334",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-23T20:15:09.850",
- "lastModified": "2024-11-21T06:00:58.147",
+ "lastModified": "2025-04-29T16:15:23.050",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-352"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2021/CVE-2021-39xx/CVE-2021-3919.json b/CVE-2021/CVE-2021-39xx/CVE-2021-3919.json
index 6fd9a30d90d..1bf41806177 100644
--- a/CVE-2021/CVE-2021-39xx/CVE-2021-3919.json
+++ b/CVE-2021/CVE-2021-39xx/CVE-2021-3919.json
@@ -2,7 +2,7 @@
 "id": "CVE-2021-3919",
 "sourceIdentifier": "hp-security-alert@hp.com",
 "published": "2022-12-12T13:15:11.803",
- "lastModified": "2024-11-21T06:22:46.540",
+ "lastModified": "2025-04-29T16:15:23.267",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "NVD-CWE-noinfo"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-330xx/CVE-2022-33012.json b/CVE-2022/CVE-2022-330xx/CVE-2022-33012.json
index 04cab084d9d..554120eb73b 100644
--- a/CVE-2022/CVE-2022-330xx/CVE-2022-33012.json
+++ b/CVE-2022/CVE-2022-330xx/CVE-2022-33012.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-33012",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-22T14:15:10.377",
- "lastModified": "2024-11-21T07:07:25.197",
+ "lastModified": "2025-04-29T16:15:23.583",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-74"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-354xx/CVE-2022-35407.json b/CVE-2022/CVE-2022-354xx/CVE-2022-35407.json
index 9158d1b50a8..b3ba778933b 100644
--- a/CVE-2022/CVE-2022-354xx/CVE-2022-35407.json
+++ b/CVE-2022/CVE-2022-354xx/CVE-2022-35407.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-35407",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-22T02:15:09.120",
- "lastModified": "2024-11-21T07:11:06.883",
+ "lastModified": "2025-04-29T16:15:23.800",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-787"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-361xx/CVE-2022-36179.json b/CVE-2022/CVE-2022-361xx/CVE-2022-36179.json
index dceca3a8e58..ed8d966b5a7 100644
--- a/CVE-2022/CVE-2022-361xx/CVE-2022-36179.json
+++ b/CVE-2022/CVE-2022-361xx/CVE-2022-36179.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-36179",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-22T01:15:30.287",
- "lastModified": "2024-11-21T07:12:33.537",
+ "lastModified": "2025-04-29T16:15:24.090",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-613"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-613"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-361xx/CVE-2022-36180.json b/CVE-2022/CVE-2022-361xx/CVE-2022-36180.json
index d5ffe3ee570..c46631e9c1d 100644
--- a/CVE-2022/CVE-2022-361xx/CVE-2022-36180.json
+++ b/CVE-2022/CVE-2022-361xx/CVE-2022-36180.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-36180",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-22T01:15:31.377",
- "lastModified": "2024-11-21T07:12:33.743",
+ "lastModified": "2025-04-29T16:15:24.310",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 6.0
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3618.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3618.json
index 87ed6f60f80..1b9a306fc48 100644
--- a/CVE-2022/CVE-2022-36xx/CVE-2022-3618.json
+++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3618.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-3618",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-11-21T11:15:20.483",
- "lastModified": "2024-11-21T07:19:53.303",
+ "lastModified": "2025-04-29T17:15:33.690",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.7,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
 }
 ]
 },
diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3634.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3634.json
index 2601021d038..75bd5429644 100644
--- a/CVE-2022/CVE-2022-36xx/CVE-2022-3634.json
+++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3634.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-3634",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-11-21T11:15:20.550",
- "lastModified": "2024-11-21T07:19:55.557",
+ "lastModified": "2025-04-29T17:15:35.777",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3688.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3688.json
index 5f9073db87e..ef9f620bb4e 100644
--- a/CVE-2022/CVE-2022-36xx/CVE-2022-3688.json
+++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3688.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-3688",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-11-21T11:15:20.620",
- "lastModified": "2024-11-21T07:20:02.087",
+ "lastModified": "2025-04-29T17:15:36.000",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3690.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3690.json
index 00e521ada57..c1536e4b61e 100644
--- a/CVE-2022/CVE-2022-36xx/CVE-2022-3690.json
+++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3690.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-3690",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-11-21T11:15:20.687",
- "lastModified": "2024-11-21T07:20:02.383",
+ "lastModified": "2025-04-29T17:15:36.297",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.7,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
 }
 ]
 },
diff --git a/CVE-2022/CVE-2022-377xx/CVE-2022-37773.json b/CVE-2022/CVE-2022-377xx/CVE-2022-37773.json
index ae63d83cdad..d764b486f46 100644
--- a/CVE-2022/CVE-2022-377xx/CVE-2022-37773.json
+++ b/CVE-2022/CVE-2022-377xx/CVE-2022-37773.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-37773",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-23T00:15:10.827",
- "lastModified": "2024-11-21T07:15:08.183",
+ "lastModified": "2025-04-29T16:15:24.507",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-89"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-408xx/CVE-2022-40842.json b/CVE-2022/CVE-2022-408xx/CVE-2022-40842.json
index f5fcea63e01..a2de90c4461 100644
--- a/CVE-2022/CVE-2022-408xx/CVE-2022-40842.json
+++ b/CVE-2022/CVE-2022-408xx/CVE-2022-40842.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-40842",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-22T01:15:32.507",
- "lastModified": "2024-11-21T07:22:07.990",
+ "lastModified": "2025-04-29T16:15:24.720",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.2
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-918"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-408xx/CVE-2022-40870.json b/CVE-2022/CVE-2022-408xx/CVE-2022-40870.json
index 265c5f99c04..3a568e86dfd 100644
--- a/CVE-2022/CVE-2022-408xx/CVE-2022-40870.json
+++ b/CVE-2022/CVE-2022-408xx/CVE-2022-40870.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-40870",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-23T00:15:11.063",
- "lastModified": "2024-11-21T07:22:11.013",
+ "lastModified": "2025-04-29T16:15:24.937",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.2,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-116"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-116"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-411xx/CVE-2022-41131.json b/CVE-2022/CVE-2022-411xx/CVE-2022-41131.json
index 3588614400c..8df1216662a 100644
--- a/CVE-2022/CVE-2022-411xx/CVE-2022-41131.json
+++ b/CVE-2022/CVE-2022-411xx/CVE-2022-41131.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-41131",
 "sourceIdentifier": "security@apache.org",
 "published": "2022-11-22T10:15:16.687",
- "lastModified": "2024-11-21T07:22:40.500",
+ "lastModified": "2025-04-29T16:15:25.140",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,13 +36,33 @@
 },
 "exploitabilityScore": 1.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
 }
 ]
 },
 "weaknesses": [
 {
 "source": "security@apache.org",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2022/CVE-2022-413xx/CVE-2022-41326.json b/CVE-2022/CVE-2022-413xx/CVE-2022-41326.json
index 8998e66d74a..7737dcd552b 100644
--- a/CVE-2022/CVE-2022-413xx/CVE-2022-41326.json
+++ b/CVE-2022/CVE-2022-413xx/CVE-2022-41326.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-41326",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-22T01:15:33.647",
- "lastModified": "2024-11-21T07:23:03.433",
+ "lastModified": "2025-04-29T16:15:25.330",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "NVD-CWE-Other"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-41xx/CVE-2022-4116.json b/CVE-2022/CVE-2022-41xx/CVE-2022-4116.json
index d0c71f914a0..b6d72017ce6 100644
--- a/CVE-2022/CVE-2022-41xx/CVE-2022-4116.json
+++ b/CVE-2022/CVE-2022-41xx/CVE-2022-4116.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-4116",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2022-11-22T19:15:18.213",
- "lastModified": "2024-11-21T07:34:36.587",
+ "lastModified": "2025-04-29T17:15:38.553",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
diff --git a/CVE-2022/CVE-2022-431xx/CVE-2022-43142.json b/CVE-2022/CVE-2022-431xx/CVE-2022-43142.json
index b77b02e27bc..e6bcae89462 100644
--- a/CVE-2022/CVE-2022-431xx/CVE-2022-43142.json
+++ b/CVE-2022/CVE-2022-431xx/CVE-2022-43142.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-43142",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-17T19:15:14.313",
- "lastModified": "2024-11-21T07:25:58.893",
+ "lastModified": "2025-04-29T16:15:25.667",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-431xx/CVE-2022-43162.json b/CVE-2022/CVE-2022-431xx/CVE-2022-43162.json
index 497d26c3204..7fd350c153a 100644
--- a/CVE-2022/CVE-2022-431xx/CVE-2022-43162.json
+++ b/CVE-2022/CVE-2022-431xx/CVE-2022-43162.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-43162",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-17T21:15:14.777",
- "lastModified": "2024-11-21T07:26:00.100",
+ "lastModified": "2025-04-29T16:15:25.870",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.2,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-89"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-431xx/CVE-2022-43163.json b/CVE-2022/CVE-2022-431xx/CVE-2022-43163.json
index fe933461b93..a0852609f46 100644
--- a/CVE-2022/CVE-2022-431xx/CVE-2022-43163.json
+++ b/CVE-2022/CVE-2022-431xx/CVE-2022-43163.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-43163",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-17T21:15:15.070",
- "lastModified": "2024-11-21T07:26:00.260",
+ "lastModified": "2025-04-29T16:15:26.073",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.2,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-89"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-431xx/CVE-2022-43171.json b/CVE-2022/CVE-2022-431xx/CVE-2022-43171.json
index 3259444ee58..030ee190363 100644
--- a/CVE-2022/CVE-2022-431xx/CVE-2022-43171.json
+++ b/CVE-2022/CVE-2022-431xx/CVE-2022-43171.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-43171",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-17T23:15:23.883",
- "lastModified": "2024-11-21T07:26:01.680",
+ "lastModified": "2025-04-29T16:15:26.273",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-787"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-431xx/CVE-2022-43183.json b/CVE-2022/CVE-2022-431xx/CVE-2022-43183.json
index f62442ba860..add9020d1f8 100644
--- a/CVE-2022/CVE-2022-431xx/CVE-2022-43183.json
+++ b/CVE-2022/CVE-2022-431xx/CVE-2022-43183.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-43183",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-17T21:15:15.837",
- "lastModified": "2024-11-21T07:26:02.100",
+ "lastModified": "2025-04-29T16:15:26.473",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-918" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-431xx/CVE-2022-43192.json b/CVE-2022/CVE-2022-431xx/CVE-2022-43192.json index a7448434050..9098ee53b4a 100644 --- a/CVE-2022/CVE-2022-431xx/CVE-2022-43192.json +++ b/CVE-2022/CVE-2022-431xx/CVE-2022-43192.json @@ -2,7 +2,7 @@ "id": "CVE-2022-43192", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-17T22:15:10.927", - "lastModified": "2024-11-21T07:26:02.720", + "lastModified": "2025-04-29T16:15:26.667", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-434" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-441xx/CVE-2022-44156.json b/CVE-2022/CVE-2022-441xx/CVE-2022-44156.json index eab3c5d8703..c1e9983467c 100644 --- a/CVE-2022/CVE-2022-441xx/CVE-2022-44156.json +++ b/CVE-2022/CVE-2022-441xx/CVE-2022-44156.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44156", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T16:15:25.803", - "lastModified": "2024-11-21T07:27:40.080", + "lastModified": "2025-04-29T17:15:36.917", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-441xx/CVE-2022-44158.json b/CVE-2022/CVE-2022-441xx/CVE-2022-44158.json index a46cd1ebf8b..b4e4e70acb0 100644 --- a/CVE-2022/CVE-2022-441xx/CVE-2022-44158.json +++ b/CVE-2022/CVE-2022-441xx/CVE-2022-44158.json 
@@ -2,7 +2,7 @@ "id": "CVE-2022-44158", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T16:15:25.863", - "lastModified": "2024-11-21T07:27:40.227", + "lastModified": "2025-04-29T17:15:37.350", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-441xx/CVE-2022-44163.json b/CVE-2022/CVE-2022-441xx/CVE-2022-44163.json index a3c88e7ea5b..8ec0ca7991a 100644 --- a/CVE-2022/CVE-2022-441xx/CVE-2022-44163.json +++ b/CVE-2022/CVE-2022-441xx/CVE-2022-44163.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44163", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T16:15:25.910", - "lastModified": "2024-11-21T07:27:40.373", + "lastModified": "2025-04-29T16:15:26.903", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-441xx/CVE-2022-44167.json b/CVE-2022/CVE-2022-441xx/CVE-2022-44167.json index b5dc46a37e5..7b710b1a658 100644 --- a/CVE-2022/CVE-2022-441xx/CVE-2022-44167.json +++ b/CVE-2022/CVE-2022-441xx/CVE-2022-44167.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44167", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T15:15:10.720", - "lastModified": "2024-11-21T07:27:40.517", + "lastModified": "2025-04-29T16:15:27.103", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-441xx/CVE-2022-44168.json b/CVE-2022/CVE-2022-441xx/CVE-2022-44168.json index 97701f13a3b..1cafcfe2d63 100644 --- a/CVE-2022/CVE-2022-441xx/CVE-2022-44168.json +++ b/CVE-2022/CVE-2022-441xx/CVE-2022-44168.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44168", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T15:15:10.857", - "lastModified": "2024-11-21T07:27:40.727", + "lastModified": "2025-04-29T16:15:27.307", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-446xx/CVE-2022-44647.json b/CVE-2022/CVE-2022-446xx/CVE-2022-44647.json index 1bd7d8768b4..11571f03f65 100644 --- a/CVE-2022/CVE-2022-446xx/CVE-2022-44647.json +++ b/CVE-2022/CVE-2022-446xx/CVE-2022-44647.json 
@@ -2,7 +2,7 @@ "id": "CVE-2022-44647", "sourceIdentifier": "security@trendmicro.com", "published": "2022-12-12T13:15:15.190", - "lastModified": "2024-11-21T07:28:15.790", + "lastModified": "2025-04-29T16:15:27.507", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-447xx/CVE-2022-44784.json b/CVE-2022/CVE-2022-447xx/CVE-2022-44784.json index a0059aa6088..c5df6487845 100644 --- a/CVE-2022/CVE-2022-447xx/CVE-2022-44784.json +++ b/CVE-2022/CVE-2022-447xx/CVE-2022-44784.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44784", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T23:15:12.813", - "lastModified": "2024-11-21T07:28:26.683", + "lastModified": "2025-04-29T16:15:27.690", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-447xx/CVE-2022-44785.json b/CVE-2022/CVE-2022-447xx/CVE-2022-44785.json index c8156ea94d6..37916834b95 100644 --- a/CVE-2022/CVE-2022-447xx/CVE-2022-44785.json +++ b/CVE-2022/CVE-2022-447xx/CVE-2022-44785.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44785", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T23:15:13.140", - "lastModified": "2024-11-21T07:28:26.823", + "lastModified": "2025-04-29T16:15:27.890", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-89" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-447xx/CVE-2022-44786.json b/CVE-2022/CVE-2022-447xx/CVE-2022-44786.json index dd196e25c77..15dac220493 100644 --- a/CVE-2022/CVE-2022-447xx/CVE-2022-44786.json +++ b/CVE-2022/CVE-2022-447xx/CVE-2022-44786.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44786", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T23:15:13.350", - "lastModified": "2024-11-21T07:28:26.960", + "lastModified": "2025-04-29T16:15:28.080", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-447xx/CVE-2022-44787.json b/CVE-2022/CVE-2022-447xx/CVE-2022-44787.json index 21207ee7cb9..45a2a3345ba 100644 --- a/CVE-2022/CVE-2022-447xx/CVE-2022-44787.json +++ b/CVE-2022/CVE-2022-447xx/CVE-2022-44787.json 
@@ -2,7 +2,7 @@ "id": "CVE-2022-44787", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T23:15:13.557", - "lastModified": "2024-11-21T07:28:27.093", + "lastModified": "2025-04-29T16:15:28.310", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-447xx/CVE-2022-44788.json b/CVE-2022/CVE-2022-447xx/CVE-2022-44788.json index 68d4fa7922b..a187d031758 100644 --- a/CVE-2022/CVE-2022-447xx/CVE-2022-44788.json +++ b/CVE-2022/CVE-2022-447xx/CVE-2022-44788.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44788", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T23:15:13.780", - "lastModified": "2024-11-21T07:28:27.227", + "lastModified": "2025-04-29T16:15:28.513", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-384" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-448xx/CVE-2022-44830.json b/CVE-2022/CVE-2022-448xx/CVE-2022-44830.json index f0305363754..b1ff42034b0 100644 --- a/CVE-2022/CVE-2022-448xx/CVE-2022-44830.json +++ b/CVE-2022/CVE-2022-448xx/CVE-2022-44830.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44830", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T18:15:25.317", - "lastModified": "2024-11-21T07:28:29.423", + "lastModified": "2025-04-29T16:15:28.697", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-1236" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1236" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-450xx/CVE-2022-45012.json b/CVE-2022/CVE-2022-450xx/CVE-2022-45012.json index bc1c7ab01ec..d19d3715de4 100644 --- a/CVE-2022/CVE-2022-450xx/CVE-2022-45012.json +++ b/CVE-2022/CVE-2022-450xx/CVE-2022-45012.json @@ -2,7 +2,7 @@ "id": "CVE-2022-45012", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T15:15:11.537", - "lastModified": "2024-11-21T07:28:36.990", + "lastModified": "2025-04-29T16:15:28.893", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.7, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-450xx/CVE-2022-45013.json b/CVE-2022/CVE-2022-450xx/CVE-2022-45013.json index 9e136ad090f..b93328fa82e 100644 --- a/CVE-2022/CVE-2022-450xx/CVE-2022-45013.json +++ b/CVE-2022/CVE-2022-450xx/CVE-2022-45013.json 
@@ -2,7 +2,7 @@ "id": "CVE-2022-45013", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T15:15:11.783", - "lastModified": "2024-11-21T07:28:37.133", + "lastModified": "2025-04-29T16:15:29.090", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.7, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-450xx/CVE-2022-45014.json b/CVE-2022/CVE-2022-450xx/CVE-2022-45014.json index 9f9800e3abd..de8da3c87b6 100644 --- a/CVE-2022/CVE-2022-450xx/CVE-2022-45014.json +++ b/CVE-2022/CVE-2022-450xx/CVE-2022-45014.json @@ -2,7 +2,7 @@ "id": "CVE-2022-45014", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T15:15:12.023", - "lastModified": "2024-11-21T07:28:37.280", + "lastModified": "2025-04-29T16:15:29.287", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.7, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-450xx/CVE-2022-45015.json b/CVE-2022/CVE-2022-450xx/CVE-2022-45015.json index 901623bf6a4..f54cbcf0bed 100644 --- a/CVE-2022/CVE-2022-450xx/CVE-2022-45015.json +++ b/CVE-2022/CVE-2022-450xx/CVE-2022-45015.json @@ -2,7 +2,7 @@ "id": "CVE-2022-45015", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-21T15:15:12.247", - "lastModified": "2024-11-21T07:28:37.420", + "lastModified": "2025-04-29T16:15:29.483", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.7, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-455xx/CVE-2022-45536.json b/CVE-2022/CVE-2022-455xx/CVE-2022-45536.json index 5752513dc7d..41a88e1268c 100644 --- a/CVE-2022/CVE-2022-455xx/CVE-2022-45536.json +++ b/CVE-2022/CVE-2022-455xx/CVE-2022-45536.json @@ -2,7 +2,7 @@ "id": "CVE-2022-45536", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-22T21:15:11.103", - "lastModified": "2024-11-21T07:29:24.723", + "lastModified": "2025-04-29T17:15:38.267", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.2, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-89" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48627.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48627.json index d33ad4caed2..ad00bfb1372 100644 --- a/CVE-2022/CVE-2022-486xx/CVE-2022-48627.json +++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48627.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-48627", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:46.930", - "lastModified": "2024-11-21T07:33:38.493", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:51:43.093", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,58 +39,201 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.7", + "versionEndIncluding": "4.19.312", + "matchCriteriaId": "1670DDD9-C89D-41B1-9FE5-D46B3A626244" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.274", + "matchCriteriaId": "F45A0F3C-C16D-49C4-86D6-D021C3D4B834" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.132", + "matchCriteriaId": "46CE9FE9-22E3-45CA-8B5F-190C2CAFC5CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.56", + "matchCriteriaId": "AF59CE2F-BA66-4BFD-83AB-4576F3D1B49A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.18.13", + "matchCriteriaId": "640221A7-96EE-4B48-8FE1-BA810131789B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*", + "matchCriteriaId": "A8C30C2D-F82D-4D37-AB48-D76ABFBD5377" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*", + "matchCriteriaId": "BF8547FC-C849-4F1B-804B-A93AE2F04A92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*", + "matchCriteriaId": "F3068028-F453-4A1C-B80F-3F5609ACEF60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*", + "matchCriteriaId": 
"2E9C0DB0-D349-489F-A3D6-B77214E93A8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:*", + "matchCriteriaId": "1A0DE3B7-0FFB-45AA-9BD6-19870CA7C6FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc6:*:*:*:*:*:*", + "matchCriteriaId": "00AE778B-BAEE-49EB-9F84-003B73D7862A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/39cdb68c64d84e71a4a717000b6e5de208ee60cc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/815be99d934e3292906536275f2b8d5131cdf52c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c8686c014b5e872ba7e334f33ca553f14446fc29", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/39cdb68c64d84e71a4a717000b6e5de208ee60cc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/815be99d934e3292906536275f2b8d5131cdf52c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c8686c014b5e872ba7e334f33ca553f14446fc29", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52511.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52511.json index f3d612b4f89..71225fdd517 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52511.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52511.json 
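Review bot: In the added `configurations` block for CVE-2022-48627, the first `cpeMatch` range ends with `"versionEndIncluding": "4.19.312"`, while the other four kernel ranges all use `versionEndExcluding`. If 4.19.312 is the release that carries the fix, as the pattern of the other branches suggests, this range would flag a patched 4.19.y kernel as vulnerable, and the bound should read `"versionEndExcluding": "4.19.312"`. Nothing in the hunk settles this, so it should be confirmed against the upstream record before scanners match on the range. The file looks mirrored rather than hand-edited, so any correction probably belongs upstream.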
@@ -2,8 +2,8 @@ "id": "CVE-2023-52511", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:47.640", - "lastModified": "2024-11-21T08:39:56.080", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:55:09.583", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,38 +39,106 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.15.134", + "matchCriteriaId": "AC2BFB97-FE0F-4C79-9818-2EDA2532E918" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.56", + "matchCriteriaId": "5EA89569-DD45-4A69-BB4D-8356FA9386BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.5.6", + "matchCriteriaId": "870FC772-173A-4A0F-B1AF-7976AD6057D3" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/171f8a49f212e87a8b04087568e1b3d132e36a18", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b3c21c9c7289692f4019f163c3b06d8bdf78b355", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e15bb292b24630ee832bfc7fd616bd72c7682bbb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ff05ed4ae214011464a0156f05cac1b0b46b5fbc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/171f8a49f212e87a8b04087568e1b3d132e36a18", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": 
"af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b3c21c9c7289692f4019f163c3b06d8bdf78b355", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e15bb292b24630ee832bfc7fd616bd72c7682bbb", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ff05ed4ae214011464a0156f05cac1b0b46b5fbc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52627.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52627.json index 031bd9bae5c..6ef786bec62 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52627.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52627.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52627", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-26T18:15:09.140", - "lastModified": "2024-11-21T08:40:14.050", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:34:33.813", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,58 +39,171 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.6", + "versionEndExcluding": "5.10.210", + "matchCriteriaId": "9681BF9E-71B2-4874-8F0D-A24B65CC7ACD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.149", + "matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.76", + "matchCriteriaId": "32F0FEB3-5FE1-4400-A56D-886F09BE872E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.15", + "matchCriteriaId": "87C718CB-AE3D-4B07-B4D9-BFF64183C468" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.3", + "matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/137568aa540a9f587c48ff7d4c51cdba08cfe9a4", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1eba6f7ffa295a0eec098c107043074be7cc4ec5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/49f322ce1f265935f15e5512da69a399f27a5091", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/55aca2ce91a63740278502066beaddbd841af9c6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/89c4e63324e208a23098f7fb15c00487cecbfed2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/137568aa540a9f587c48ff7d4c51cdba08cfe9a4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1eba6f7ffa295a0eec098c107043074be7cc4ec5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/49f322ce1f265935f15e5512da69a399f27a5091", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/55aca2ce91a63740278502066beaddbd841af9c6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + 
"source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/89c4e63324e208a23098f7fb15c00487cecbfed2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10918.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10918.json index 280e24cbb0b..d40d8ef8267 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10918.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10918.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10918", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2025-02-27T12:15:33.807", - "lastModified": "2025-02-27T12:15:33.807", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T16:58:54.160", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.2, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, 
@@ -49,12 +69,42 @@ "value": "CWE-121" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libmodbus:libmodbus:3.1.10:*:*:*:*:*:*:*", + "matchCriteriaId": "524EB0BF-4994-4369-BD85-CC578548CA1C" + } + ] + } + ] } ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-10918", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12109.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12109.json index 5f065718ac2..f8ff4d85de5 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12109.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12109.json @@ -2,8 +2,8 @@ "id": "CVE-2024-12109", "sourceIdentifier": "contact@wpscan.com", "published": "2025-03-25T06:15:38.823", - "lastModified": "2025-03-27T16:45:46.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T17:57:02.620", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acowebs:product_labels_for_woocommerce_\\(sale_badges\\):*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.5.9", + "matchCriteriaId": "29EE471F-7D6D-48EB-A7EB-D3B003E7E6AC" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/2eca2f88-c843-4794-8cd9-46f17c92753a/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/2eca2f88-c843-4794-8cd9-46f17c92753a/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12769.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12769.json index 12d6400beab..766f22d1ba0 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12769.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12769.json @@ -2,8 +2,8 @@ "id": "CVE-2024-12769", "sourceIdentifier": "contact@wpscan.com", "published": "2025-03-25T06:15:39.120", - "lastModified": "2025-03-27T16:45:46.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T17:54:19.490", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:simple_banner_project:simple_banner:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.0.4", + "matchCriteriaId": "479C395B-AD5B-4AA1-9F20-68C83F6741ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/02b5c1a8-cf2a-4378-bfda-84d841d88a18/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13863.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13863.json index 97f4a6c775b..51ddcc327f4 100644 --- a/CVE-2024/CVE-2024-138xx/CVE-2024-13863.json +++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13863.json @@ -2,8 +2,8 @@ "id": "CVE-2024-13863", "sourceIdentifier": "contact@wpscan.com", "published": "2025-03-25T06:15:39.693", - "lastModified": "2025-03-27T16:45:46.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T17:35:22.800", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,10 +39,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wppluginbox:stylish_google_sheet_reader:4.0:*:*:*:*:wordpress:*:*", + "matchCriteriaId": "789C72B7-90A8-45EE-B001-0E2437772E45" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/a6161595-0934-4baa-9da6-73792f4b87fd/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26676.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26676.json index 73a66c08421..336e3aaf900 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26676.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26676.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26676", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-02T07:15:44.170", - "lastModified": "2024-11-21T09:02:49.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T17:03:23.660", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,46 +39,143 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.103", + "versionEndExcluding": "5.15.149", + "matchCriteriaId": "4FAB2FFB-5A96-45F6-9071-7825241E6C95" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.20", + "versionEndExcluding": "6.1.78", + "matchCriteriaId": "A80DCCF0-D73E-4F5C-A595-73C79D8D9661" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.3", + "versionEndExcluding": "6.6.17", + "matchCriteriaId": "DCCC2E74-F616-4B9E-A7DF-B5284D18F936" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.5", + "matchCriteriaId": "01925741-2C95-47C1-A7EA-3DC2BB0012D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", + "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", + "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", + "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1279f9d9dec2d7462823a18c29ad61359e0a007d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4fe505c63aa3273135a57597fda761e9aecc7668", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/82ae47c5c3a6b27fdc0f9e83c1499cb439c56140", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b74aa9ce13d02b7fd37c5325b99854f91b9b4276", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e0e09186d8821ad59806115d347ea32efa43ca4b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1279f9d9dec2d7462823a18c29ad61359e0a007d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4fe505c63aa3273135a57597fda761e9aecc7668", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/82ae47c5c3a6b27fdc0f9e83c1499cb439c56140", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b74aa9ce13d02b7fd37c5325b99854f91b9b4276", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e0e09186d8821ad59806115d347ea32efa43ca4b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26843.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26843.json index 78adf328196..be6d7acd2a0 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26843.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26843.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26843", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-17T10:15:10.047", - "lastModified": "2024-11-21T09:03:11.477", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:30:34.013", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,58 +39,185 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.211", + "matchCriteriaId": "DC6905D6-5F33-4718-AAFD-C356351E82B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.150", + "matchCriteriaId": "CB6C60DE-9E0C-46C5-904D-D4F4031F8E95" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.80", + "matchCriteriaId": "BA7850CE-97C9-4408-A348-6173296BCA2B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.19", + "matchCriteriaId": "8D82004C-B2AE-4048-9344-32EFF65953B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.7", + "matchCriteriaId": "575EE16B-67F2-4B5B-B5F8-1877715C898B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", + "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", + "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", + "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/156cb12ffdcf33883304f0db645e1eadae712fe0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4aa36b62c3eaa869860bf78b1146e9f2b5f782a9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4fff3d735baea104017f2e3c245e27cdc79f2426", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/700c3f642c32721f246e09d3a9511acf40ae42be", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cf3d6813601fe496de7f023435e31bfffa74ae70", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/de1034b38a346ef6be25fe8792f5d1e0684d5ff4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/156cb12ffdcf33883304f0db645e1eadae712fe0", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4aa36b62c3eaa869860bf78b1146e9f2b5f782a9", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4fff3d735baea104017f2e3c245e27cdc79f2426", - "source": 
"af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/700c3f642c32721f246e09d3a9511acf40ae42be", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cf3d6813601fe496de7f023435e31bfffa74ae70", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/de1034b38a346ef6be25fe8792f5d1e0684d5ff4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-374xx/CVE-2024-37407.json b/CVE-2024/CVE-2024-374xx/CVE-2024-37407.json index 091e6458d7a..6c258215369 100644 --- a/CVE-2024/CVE-2024-374xx/CVE-2024-37407.json +++ b/CVE-2024/CVE-2024-374xx/CVE-2024-37407.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37407", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-08T13:15:58.337", - "lastModified": "2025-03-14T16:15:32.187", - "vulnStatus": "Modified", + "lastModified": "2025-04-29T16:35:54.687", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -90,9 +90,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*", - "versionEndExcluding": "3.7.4", - "matchCriteriaId": "9D39546C-368C-43A4-870B-84A4DE39DD8F" + "criteria": "cpe:2.3:a:libarchive:libarchive:3.7.3:*:*:*:*:*:*:*", + "matchCriteriaId": "5F1953B9-F8C6-4EC8-825E-D32905CEAEC6" } ] } 
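Review bot: The replacement `cpeMatch` entry in the CVE-2024-37407 record pins the vulnerable configuration to `cpe:2.3:a:libarchive:libarchive:3.7.3:*:*:*:*:*:*:*` and drops the wildcard match bounded by `"versionEndExcluding": "3.7.4"`. Any scanner or SBOM matcher keyed on this record will therefore stop flagging libarchive releases older than 3.7.3. The enclosing `configurations` node and the `descriptions` array lie outside the hunk, so it cannot be checked from here whether the description still speaks of a version range. If it does, the record now disagrees with itself, and the range form (`"criteria": "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*"` with `"versionEndExcluding": "3.7.4"`) should be kept or the narrowing confirmed against the upstream advisory. Consumers that cache match results should re-evaluate this CVE after the sync, since `vulnStatus` also moves from "Modified" to "Analyzed" in the same file.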
diff --git a/CVE-2024/CVE-2024-383xx/CVE-2024-38311.json b/CVE-2024/CVE-2024-383xx/CVE-2024-38311.json index e6c54226a74..5d362ad12cd 100644 --- a/CVE-2024/CVE-2024-383xx/CVE-2024-38311.json +++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38311.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38311", "sourceIdentifier": "security@apache.org", "published": "2025-03-06T12:15:34.157", - "lastModified": "2025-03-06T16:15:45.760", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:34:58.897", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,12 +49,52 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndExcluding": "9.2.9", + "matchCriteriaId": "BCB8678D-8BC5-42C8-8D3D-6A4FC6629A3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.0.0", + "versionEndExcluding": "10.0.4", + "matchCriteriaId": "7BF7CF7D-D880-4FB6-B50C-AABB0DDA0F06" + } + ] + } + ] } ], "references": [ { "url": "https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-536xx/CVE-2024-53636.json b/CVE-2024/CVE-2024-536xx/CVE-2024-53636.json index 50fb9ad1de0..d2f3745d562 100644 --- a/CVE-2024/CVE-2024-536xx/CVE-2024-53636.json +++ b/CVE-2024/CVE-2024-536xx/CVE-2024-53636.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-53636", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-26T15:15:44.080", - "lastModified": "2025-04-29T13:52:10.697", + "lastModified": "2025-04-29T16:15:29.717", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -55,6 +55,10 @@ { "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53636", "source": "cve@mitre.org" + }, + { + "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53636", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56195.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56195.json index f7a21c9e9c7..3a382f24cfd 100644 --- a/CVE-2024/CVE-2024-561xx/CVE-2024-56195.json +++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56195.json @@ -2,8 +2,8 @@ "id": "CVE-2024-56195", "sourceIdentifier": "security@apache.org", "published": "2025-03-06T12:15:35.373", - "lastModified": "2025-03-06T16:15:49.230", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:42:01.950", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -49,12 +49,52 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndExcluding": "9.2.9", + "matchCriteriaId": "BCB8678D-8BC5-42C8-8D3D-6A4FC6629A3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.0.0", + "versionEndExcluding": "10.0.4", + "matchCriteriaId": "7BF7CF7D-D880-4FB6-B50C-AABB0DDA0F06" + } + ] + } + ] } ], "references": [ { "url": "https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-562xx/CVE-2024-56202.json b/CVE-2024/CVE-2024-562xx/CVE-2024-56202.json index 35381c5cd23..9cac60c4bb5 100644 --- a/CVE-2024/CVE-2024-562xx/CVE-2024-56202.json +++ b/CVE-2024/CVE-2024-562xx/CVE-2024-56202.json @@ -2,8 +2,8 @@ "id": "CVE-2024-56202", "sourceIdentifier": "security@apache.org", "published": "2025-03-06T11:15:11.423", - "lastModified": "2025-03-06T16:15:50.053", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:41:26.503", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -49,12 +49,52 @@ "value": "CWE-440" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndExcluding": "9.2.9", + "matchCriteriaId": "BCB8678D-8BC5-42C8-8D3D-6A4FC6629A3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.0.0", + "versionEndExcluding": "10.0.4", + "matchCriteriaId": "7BF7CF7D-D880-4FB6-B50C-AABB0DDA0F06" + } + ] + } + ] } ], "references": [ { "url": "https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-570xx/CVE-2024-57036.json b/CVE-2024/CVE-2024-570xx/CVE-2024-57036.json index 478e964de67..3fe5fbb8d69 100644 --- a/CVE-2024/CVE-2024-570xx/CVE-2024-57036.json +++ b/CVE-2024/CVE-2024-570xx/CVE-2024-57036.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57036", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-21T16:15:14.143", - "lastModified": "2025-02-04T16:15:39.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T16:22:09.120", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,10 +51,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5032_b20200407:*:*:*:*:*:*:*", + "matchCriteriaId": "BB2F8921-56DC-4F87-943E-2737CDC4F20F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/luckysmallbird/Totolink-A810R-Vulnerability-1/blob/main/3.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9095.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9095.json index 4435b7df4b2..c9939e14e51 100644 --- a/CVE-2024/CVE-2024-90xx/CVE-2024-9095.json +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9095.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9095", "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:46.700", - "lastModified": "2025-03-20T10:15:46.700", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T17:23:20.143", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -49,16 +71,50 @@ "value": "CWE-285" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lunary:lunary:1.4.28:*:*:*:*:*:*:*", + "matchCriteriaId": "1EA5C3CD-9252-440E-A34A-6C587D2AB57D" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/lunary-ai/lunary/commit/a8d7b2959e87c30fbafdb12af7ffa093385dcc60", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/e242a92e-da41-440d-b718-3de91e4b4eac", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9770.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9770.json index 5d83b773a93..5c0655bf7f2 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9770.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9770.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9770", "sourceIdentifier": "contact@wpscan.com", "published": "2025-03-25T06:15:40.020", - "lastModified": "2025-03-27T16:45:46.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T17:24:12.513", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,10 +39,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:plechevandrey:wp-recall:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "16.26.12", + "matchCriteriaId": "E39CB4E3-D118-4652-8317-06A6DD1FD41D" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/d31f8713-b807-4ac4-8897-7d62a93bb2db/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0716.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0716.json new file mode 100644 index 00000000000..3447f5c4dfd --- /dev/null +++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0716.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2025-0716", + "sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c", + "published": "2025-04-29T17:15:39.790", + "lastModified": "2025-04-29T17:15:39.790", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c", + "tags": [ + "unsupported-when-assigned" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing \u00a0and also negatively affect the application's performance and behavior by using too large or slow-to-load images.\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status ." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "36c7be3b-2937-45df-85ea-ca7133ea542c", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "36c7be3b-2937-45df-85ea-ca7133ea542c", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-791" + } + ] + } + ], + "references": [ + { + "url": "https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915", + "source": "36c7be3b-2937-45df-85ea-ca7133ea542c" + }, + { + "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-0716", + "source": "36c7be3b-2937-45df-85ea-ca7133ea542c" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1551.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1551.json new file mode 100644 index 00000000000..5db551d1a14 --- /dev/null +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1551.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-1551", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-04-29T16:15:29.870", + "lastModified": "2025-04-29T16:15:29.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7232032", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1961.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1961.json index 5722821c6d1..97ad2340a4c 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1961.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1961.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-1961", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-04T23:15:10.717", - "lastModified": "2025-03-05T17:15:14.220", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:46:00.200", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ], "cvssMetricV2": [ 
@@ -122,32 +142,82 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mayurik:best_church_management_software:1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "171FB833-CA5D-4229-B7BB-D0439B34A990" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/Yesec/Best-church-management-software/blob/main/web_crud.php_SQLi.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.298561", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.298561", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.510865", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.sourcecodester.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Yesec/Best-church-management-software/blob/main/web_crud.php_SQLi.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23177.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23177.json new file mode 100644 index 00000000000..ee36d71380b --- /dev/null +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23177.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23177", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2025-04-29T16:15:30.017", + "lastModified": "2025-04-29T16:15:30.017", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "CWE-427: Uncontrolled Search Path Element" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@cyber.gov.il", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "references": [ + { + "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23178.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23178.json new file mode 100644 index 00000000000..2789ce88481 --- /dev/null +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23178.json 
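Review bot: The `descriptions` value in the new CVE-2025-23177 record is only the CWE title, `"CWE-427: Uncontrolled Search Path Element"`, with no vendor, product or version, and the sole reference is the CNA's general advisory listing, so the record cannot be matched against an asset inventory as published. The same holds for the new CVE-2025-23178, -23179, -23180 and -23181 files that follow. In all five the CNA's CVSS entry is `"type": "Secondary"` while its weakness entry is `"type": "Primary"`, which looks inconsistent for a single source and is worth confirming upstream. Until a real description or a `configurations` block arrives, consumers should treat these records as unscoped and should not read a failed product match as "not affected".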
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23178", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2025-04-29T16:15:30.157", + "lastModified": "2025-04-29T16:15:30.157", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@cyber.gov.il", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-923" + } + ] + } + ], + "references": [ + { + "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23179.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23179.json new file mode 100644 index 00000000000..ce9c1ce687d --- /dev/null +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23179.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23179", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2025-04-29T16:15:30.297", + "lastModified": "2025-04-29T16:15:30.297", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "CWE-798: Use of Hard-coded Credentials" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@cyber.gov.il", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23180.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23180.json new file mode 100644 index 00000000000..11fac30ef74 --- /dev/null +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23180.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23180", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2025-04-29T17:15:40.687", + "lastModified": "2025-04-29T17:15:40.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "CWE-250: Execution with Unnecessary Privileges" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.0, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cna@cyber.gov.il", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-250" + } + ] + } + ], + "references": [ + { + "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23181.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23181.json new file mode 100644 index 00000000000..e80148cd5eb --- /dev/null +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23181.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-23181", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2025-04-29T17:15:40.907", + "lastModified": "2025-04-29T17:15:40.907", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "CWE-250: Execution with Unnecessary Privileges" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.0, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cna@cyber.gov.il", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-250" + } + ] + } + ], + "references": [ + { + "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-254xx/CVE-2025-25403.json b/CVE-2025/CVE-2025-254xx/CVE-2025-25403.json new file mode 100644 index 00000000000..71d1edd4d5c --- /dev/null +++ b/CVE-2025/CVE-2025-254xx/CVE-2025-25403.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-25403", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-04-29T16:15:30.437", + "lastModified": "2025-04-29T16:15:30.437", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/coll_type.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/christopherralinanggoman/cve-skripsi/blob/main/my_reports/slims-9-bulian-coll-type-report.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/slims/slims9_bulian/issues/273", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-254xx/CVE-2025-25431.json b/CVE-2025/CVE-2025-254xx/CVE-2025-25431.json index afbd59cefee..4e13be49071 100644 --- a/CVE-2025/CVE-2025-254xx/CVE-2025-25431.json +++ b/CVE-2025/CVE-2025-254xx/CVE-2025-25431.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25431", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-28T18:15:28.407", - "lastModified": "2025-03-04T16:15:39.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T16:48:57.280", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,51 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:trendnet:tew-7929dru_firmware:1.0.0.10:*:*:*:*:*:*:*", + "matchCriteriaId": "6DA1DA3C-95AE-456E-BAE6-ECCA2EC30E60" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:trendnet:tew-7929dru:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E03CF641-8D1F-4C4F-B8FA-AE07D7E8801E" + } + ] + } + ] + } + ], "references": [ { "url": "https://instinctive-acapella-fc7.notion.site/Trendnet-TEW-929DRU-XSS-17b15d9d4d26806a90f3d830a6143ebe", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://instinctive-acapella-fc7.notion.site/Trendnet-TEW-929DRU-XSS-17b15d9d4d26806a90f3d830a6143ebe", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-255xx/CVE-2025-25524.json b/CVE-2025/CVE-2025-255xx/CVE-2025-25524.json index a45d57eb83a..6b63d860386 100644 --- a/CVE-2025/CVE-2025-255xx/CVE-2025-25524.json +++ b/CVE-2025/CVE-2025-255xx/CVE-2025-25524.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25524", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-11T19:15:19.110", - "lastModified": "2025-02-13T18:18:23.597", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T16:22:26.843", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
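Review bot: The two `criteria` strings added for CVE-2025-25431 name the product `tew-7929dru_firmware` and `tew-7929dru`, while both reference URLs in the same hunk name the device TEW-929DRU. The record's description is outside this hunk, so this is inferred from the URLs only. If the model really is TEW-929DRU, an inventory keyed on the real product name will never match these CPEs and the device will be reported as unaffected. The product component should presumably read `tew-929dru_firmware` and `tew-929dru`, with `matchCriteriaId` values taken from the CPE dictionary entry for that product.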
@@ -51,10 +51,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.652_b20230116:*:*:*:*:*:*:*", + "matchCriteriaId": "A7D2CE74-D049-404D-9209-A8CEC98E046A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "178FD1FA-9A62-48B7-B219-938F48ADD8BB" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/XiaoCurry/ce1f80afd2d8be8ca543437f16eae96b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25916.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25916.json index 0ea12351d14..295c8c2e8c9 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25916.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25916.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25916", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-28T15:15:13.613", - "lastModified": "2025-02-28T16:15:39.867", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T16:53:21.170", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,18 +51,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wuzhicms:wuzhicms:4.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2B76E69A-B2F3-4359-A7C0-046CEE2FAEEB" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/A7cc/e28b5790d8b40df8d418d1bd15c25d12", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/wuzhicms/wuzhicms/issues/213", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "Issue Tracking" + ] }, { "url": "https://github.com/wuzhicms/wuzhicms/issues/213", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25962.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25962.json new file mode 100644 index 00000000000..b10b9552366 --- /dev/null +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25962.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-25962", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-04-29T16:15:30.580", + "lastModified": "2025-04-29T16:15:30.580", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/CVEProject/docs/blob/gh-pages/requester/reservation-guidelines.md", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/@cnetsec/access-control-vulnerability-in-uniswap-v3-cve-2025-25962-f7cf21536978", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
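Review bot: The first entry under `references` in the new CVE-2025-25962 record, `https://github.com/CVEProject/docs/blob/gh-pages/requester/reservation-guidelines.md`, points at the CVE Program's ID reservation guidelines rather than at anything describing this issue. That leaves one blog post as the only source; `metrics` is `{}` and there is no `weaknesses` block, so nothing in the record corroborates the privilege-escalation claim with a vendor advisory or a patch link. Triage tooling that weights a record by reference count or by the presence of a `github.com` link should not count that URL, and the entry is worth reporting upstream for removal.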
diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28024.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28024.json index ceb4073ae2d..e443a4fa5b3 100644 --- a/CVE-2025/CVE-2025-280xx/CVE-2025-28024.json +++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28024.json @@ -2,8 +2,8 @@ "id": "CVE-2025-28024", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T16:15:44.997", - "lastModified": "2025-04-23T14:15:28.330", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:21:01.237", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*", + "matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1" + } + ] + } + ] + } + ], "references": [ { "url": "https://locrian-lightning-dc7.notion.site/BufferOverflow5-1978e5e2b1a2800caaced7ae3fb4783c", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28030.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28030.json index dbe674968e7..b3db121d65a 100644 --- a/CVE-2025/CVE-2025-280xx/CVE-2025-28030.json +++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28030.json @@ -2,8 +2,8 @@ "id": "CVE-2025-28030", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T16:15:45.123", - "lastModified": "2025-04-23T14:15:28.803", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:21:07.407", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,10 +51,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*", + "matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1" + } + ] + } + ] + } + ], "references": [ { "url": "https://locrian-lightning-dc7.notion.site/BufferOverflow6-19f8e5e2b1a2803db1d9ce7b4d06e2e0?pvs=73", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28031.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28031.json index 0d1edee5785..b01e1845d8c 100644 --- a/CVE-2025/CVE-2025-280xx/CVE-2025-28031.json +++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28031.json @@ -2,8 +2,8 @@ "id": "CVE-2025-28031", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T16:15:45.250", - "lastModified": "2025-04-23T14:08:13.383", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:21:10.783", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*", + "matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA" + } + ] + } + ] + } + ], "references": [ { "url": "https://locrian-lightning-dc7.notion.site/Hard-code-Password-19f8e5e2b1a2803f864afbbc4262152e?pvs=73", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
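Review bot: The `configurations` block added for CVE-2025-28031 lists the firmware CPE alone in a single OR node, whereas CVE-2025-28024 and CVE-2025-28030 in this same commit express the identical firmware build as an `"operator": "AND"` pair with the `cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*` hardware node marked `"vulnerable": false`. A matcher that evaluates the AND form needs both CPEs in the inventory, so the same device can match this record and miss the other two, or the reverse, depending on how the asset was recorded. For consistency the block should use the firmware-plus-hardware shape of its siblings, or the difference should be confirmed as intentional upstream.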
diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28032.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28032.json index 0b174719d53..2295e7bce9c 100644 --- a/CVE-2025/CVE-2025-280xx/CVE-2025-28032.json +++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28032.json @@ -2,8 +2,8 @@ "id": "CVE-2025-28032", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T14:15:25.017", - "lastModified": "2025-04-23T15:15:59.863", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T16:19:28.467", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,186 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*", + "matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*", + "matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a830r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*", + "matchCriteriaId": "EBE71E71-E61B-487D-8EB8-7BD55ADF2851" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*", + "matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*", + "matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5247_b20211129:*:*:*:*:*:*:*", + "matchCriteriaId": "9098D12E-0A3B-4CBF-AC5E-43C5394C7719" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://locrian-lightning-dc7.notion.site/BufferOverflow6-19f8e5e2b1a28052bda1f6ede9db341d", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "Exploit" + ] }, { "url": "https://locrian-lightning-dc7.notion.site/BufferOverflow6-19f8e5e2b1a28052bda1f6ede9db341d", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Third Party Advisory", + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28033.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28033.json index 9029fc91f6a..91da1c08b8d 100644 --- a/CVE-2025/CVE-2025-280xx/CVE-2025-28033.json +++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28033.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-28033", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T14:15:25.150", - "lastModified": "2025-04-23T15:15:59.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T16:19:19.250", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,186 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*", + "matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*", + "matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a830r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*", + "matchCriteriaId": "EBE71E71-E61B-487D-8EB8-7BD55ADF2851" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*", + "matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*", + "matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5247_b20211129:*:*:*:*:*:*:*", + "matchCriteriaId": "9098D12E-0A3B-4CBF-AC5E-43C5394C7719" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://locrian-lightning-dc7.notion.site/BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://locrian-lightning-dc7.notion.site/CVE-2025-28033-BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28034.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28034.json index 622c3bdc6c0..4aa42a7909f 100644 --- a/CVE-2025/CVE-2025-280xx/CVE-2025-28034.json +++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28034.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-28034", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T14:15:25.263", - "lastModified": "2025-04-23T15:16:00.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T16:18:58.493", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,186 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*", + "matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*", + "matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a830r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*", + "matchCriteriaId": "EBE71E71-E61B-487D-8EB8-7BD55ADF2851" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*", + "matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*", + "matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5247_b20211129:*:*:*:*:*:*:*", + "matchCriteriaId": "9098D12E-0A3B-4CBF-AC5E-43C5394C7719" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://locrian-lightning-dc7.notion.site/RCE2-1a98e5e2b1a280bebf53d868f1b1a711?pvs=74", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://locrian-lightning-dc7.notion.site/CVE-2025-28034-RCE2-1a98e5e2b1a280bebf53d868f1b1a711", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28035.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28035.json index 889eaee81d7..1270bd7f07f 100644 --- a/CVE-2025/CVE-2025-280xx/CVE-2025-28035.json +++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28035.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-28035", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T18:15:59.160", - "lastModified": "2025-04-23T15:16:00.263", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:14:17.150", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,186 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a830r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*", + "matchCriteriaId": "EBE71E71-E61B-487D-8EB8-7BD55ADF2851" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5247_b20211129:*:*:*:*:*:*:*", + "matchCriteriaId": "9098D12E-0A3B-4CBF-AC5E-43C5394C7719" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*", + "matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*", + "matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*", + "matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*", + "matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938" + } + ] + } + ] + } + ], "references": [ { "url": "https://locrian-lightning-dc7.notion.site/RCE1-1a98e5e2b1a28081880dd817104b3af4?pvs=73", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://locrian-lightning-dc7.notion.site/CVE-2025-28035-CVE-2025-28036-RCE1-1a98e5e2b1a28081880dd817104b3af4", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28036.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28036.json index 9c57351b5a5..bbf13ea9e52 100644 --- a/CVE-2025/CVE-2025-280xx/CVE-2025-28036.json +++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28036.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-28036", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T18:15:59.260", - "lastModified": "2025-04-23T15:16:00.403", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:13:29.720", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,186 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*", + "matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*", + "matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*", + "matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a830r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*", + "matchCriteriaId": "EBE71E71-E61B-487D-8EB8-7BD55ADF2851" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*", + "matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5247_b20211129:*:*:*:*:*:*:*", + "matchCriteriaId": "9098D12E-0A3B-4CBF-AC5E-43C5394C7719" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://locrian-lightning-dc7.notion.site/RCE1-1a98e5e2b1a28081880dd817104b3af4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://locrian-lightning-dc7.notion.site/CVE-2025-28035-CVE-2025-28036-RCE1-1a98e5e2b1a28081880dd817104b3af4", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28037.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28037.json index c5da596fad5..051f43be08e 100644 --- a/CVE-2025/CVE-2025-280xx/CVE-2025-28037.json +++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28037.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-28037", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T16:15:45.370", - "lastModified": "2025-04-23T16:15:45.220", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:03:42.887", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,78 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*", + "matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*", + "matchCriteriaId": "FC194AFC-2A93-45CC-8AC9-033A87953D70" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938" + } + ] + } + ] + } + ], "references": [ { "url": "https://locrian-lightning-dc7.notion.site/RCE3-1ad8e5e2b1a280e192e8cff9fef896cc", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://locrian-lightning-dc7.notion.site/RCE3-1ad8e5e2b1a280e192e8cff9fef896cc", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
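Review bot: The second configuration node in the `@@ -51,14 +51,78 @@` hunk pairs `a950rg_firmware` with build `4.1.2cu.5182_b20201026`, the same build string the first node gives for `a810r_firmware`. The other records in this diff (CVE-2025-28033 through CVE-2025-28036) list the A950RG firmware as `4.1.2cu.5161_b20200903`. This may be what the referenced advisory states, but it reads like a carried-over version and should be checked against that advisory before scanners rely on it, because a wrong build string means affected A950RG devices are not matched. If the advisory names the 5161 build, the entry would be `"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*"` with `"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A"`.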
diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28038.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28038.json index f27573c6f62..8513b37e1bb 100644 --- a/CVE-2025/CVE-2025-280xx/CVE-2025-28038.json +++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28038.json @@ -2,8 +2,8 @@ "id": "CVE-2025-28038", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T18:15:59.377", - "lastModified": "2025-04-23T14:08:13.383", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:02:01.753", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,51 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*", + "matchCriteriaId": "1DD36F94-8646-4794-8878-6F4BF1BF1153" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF" + } + ] + } + ] + } + ], "references": [ { "url": "https://locrian-lightning-dc7.notion.site/RCE1-1ad8e5e2b1a28030a1c8febac89935a0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://locrian-lightning-dc7.notion.site/RCE1-1ad8e5e2b1a28030a1c8febac89935a0", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28039.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28039.json index 55d45a47477..27c81245b43 100644 --- a/CVE-2025/CVE-2025-280xx/CVE-2025-28039.json +++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28039.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-28039", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T18:15:59.500", - "lastModified": "2025-04-23T14:08:13.383", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:01:14.980", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,51 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*", + "matchCriteriaId": "1DD36F94-8646-4794-8878-6F4BF1BF1153" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF" + } + ] + } + ] + } + ], "references": [ { "url": "https://locrian-lightning-dc7.notion.site/RCE2-1ad8e5e2b1a280fbb0cacc7e758e7299", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://locrian-lightning-dc7.notion.site/RCE2-1ad8e5e2b1a280fbb0cacc7e758e7299", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-281xx/CVE-2025-28136.json b/CVE-2025/CVE-2025-281xx/CVE-2025-28136.json index d2176a8d4ea..8a27c166798 100644 --- a/CVE-2025/CVE-2025-281xx/CVE-2025-28136.json +++ b/CVE-2025/CVE-2025-281xx/CVE-2025-28136.json @@ -2,8 +2,8 @@ "id": "CVE-2025-28136", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T14:15:41.283", - "lastModified": "2025-04-15T21:15:55.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T16:22:52.613", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,49 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*", + "matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Zerone0x00/CVE/blob/main/TOTOLINK/CVE-2025-28136.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://sudsy-eyeliner-a59.notion.site/BufferOverflow-V4-1-2cu-5137_B20200730-19872b8cd95f80cf8df9f3abcb912554", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-281xx/CVE-2025-28137.json b/CVE-2025/CVE-2025-281xx/CVE-2025-28137.json index 03a88feb6b5..302aabdc705 100644 --- a/CVE-2025/CVE-2025-281xx/CVE-2025-28137.json +++ b/CVE-2025/CVE-2025-281xx/CVE-2025-28137.json @@ -2,8 +2,8 @@ "id": "CVE-2025-28137", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T14:15:41.400", - "lastModified": "2025-04-15T18:39:27.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T16:23:23.197", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,18 +51,59 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*", + "matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Zerone0x00/CVE/blob/main/TOTOLINK/CVE-2025-28137.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://sudsy-eyeliner-a59.notion.site/RCE1-1ab72b8cd95f80d09eded269810f3756?pvs=4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://sudsy-eyeliner-a59.notion.site/RCE1-1ab72b8cd95f80d09eded269810f3756", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-290xx/CVE-2025-29064.json b/CVE-2025/CVE-2025-290xx/CVE-2025-29064.json index 4d54b3451d0..f79521a2468 100644 --- a/CVE-2025/CVE-2025-290xx/CVE-2025-29064.json +++ b/CVE-2025/CVE-2025-290xx/CVE-2025-29064.json @@ -2,8 +2,8 @@ "id": "CVE-2025-29064", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-03T20:15:24.117", - "lastModified": "2025-04-07T19:15:55.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T16:22:36.443", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,49 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:x18_firmware:9.1.0cu.2024_b20220329:*:*:*:*:*:*:*", + "matchCriteriaId": "147FED55-DD5F-4AC0-B261-9FABC0498F67" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:x18:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D4D9B188-E15C-4915-848A-4F6C2E6EB067" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kn0sky/cve/blob/main/TOTOLINK%20X18/OS%20Command%20Injection%20setLanguageCfg_lang.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/kn0sky/cve/blob/main/TOTOLINK%20X18/OS%20Command%20Injection%20setLanguageCfg_lang.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-292xx/CVE-2025-29209.json b/CVE-2025/CVE-2025-292xx/CVE-2025-29209.json index 36ea4459667..ed69eb420ed 100644 --- a/CVE-2025/CVE-2025-292xx/CVE-2025-29209.json +++ b/CVE-2025/CVE-2025-292xx/CVE-2025-29209.json @@ -2,8 +2,8 @@ "id": "CVE-2025-29209", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-18T15:15:58.653", - "lastModified": "2025-04-22T15:16:12.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-29T16:23:36.113", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,51 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:x18_firmware:9.1.0cu.2024_b20220329:*:*:*:*:*:*:*", + "matchCriteriaId": "147FED55-DD5F-4AC0-B261-9FABC0498F67" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:x18:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D4D9B188-E15C-4915-848A-4F6C2E6EB067" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/LZY0522/CVE/blob/main/X18-sub_41105c.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/LZY0522/CVE/blob/main/X18-sub_41105c.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-29xx/CVE-2025-2907.json b/CVE-2025/CVE-2025-29xx/CVE-2025-2907.json index df155457d9c..8e2a25ceb89 100644 --- a/CVE-2025/CVE-2025-29xx/CVE-2025-2907.json +++ b/CVE-2025/CVE-2025-29xx/CVE-2025-2907.json @@ -2,7 +2,7 @@ "id": "CVE-2025-2907", "sourceIdentifier": "contact@wpscan.com", "published": "2025-04-26T06:15:16.087", - "lastModified": "2025-04-29T13:52:10.697", + "lastModified": "2025-04-29T16:15:30.733", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,11 +15,38 @@ "value": "El complemento Order Delivery Date WordPress anterior a la versi\u00f3n 12.3.1 no cuenta con comprobaciones de autorizaci\u00f3n ni CSRF al importar la configuraci\u00f3n. Adem\u00e1s, carece de las comprobaciones adecuadas para actualizar \u00fanicamente las opciones relevantes para el complemento de WordPress Order Delivery Date anterior a la versi\u00f3n 12.3.1. Esto permite que los atacantes modifiquen el rol de usuario predeterminado (default_user_role) a administrador y usuarios (users_can_register), lo que les permite registrarse como administradores del sitio y obtener el control total del mismo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "references": [ { "url": "https://wpscan.com/vulnerability/2e513930-ec01-4dc6-8991-645c5267e14c/", "source": "contact@wpscan.com" + }, + { + "url": "https://wpscan.com/vulnerability/2e513930-ec01-4dc6-8991-645c5267e14c/", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-304xx/CVE-2025-30445.json b/CVE-2025/CVE-2025-304xx/CVE-2025-30445.json index c6938ef5223..6636ca37e00 100644 --- a/CVE-2025/CVE-2025-304xx/CVE-2025-30445.json +++ b/CVE-2025/CVE-2025-304xx/CVE-2025-30445.json 
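Review bot: This hunk adds a 9.8 CRITICAL Secondary metric for CVE-2025-2907 but no `weaknesses` block, whereas the other records in this diff that gain a metric from the same source (CVE-2025-30445, CVE-2025-3059) also gain a CWE entry. The description names missing authorization and missing CSRF checks on the settings import, so `"value": "CWE-862"` and `"value": "CWE-352"` look like the candidates; confirm them against the upstream record rather than adding them locally. Until a mapping exists, CWE-based filters will not surface this record. The added reference also repeats the wpscan URL under a second source with no `tags`.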
@@ -2,7 +2,7 @@ "id": "CVE-2025-30445", "sourceIdentifier": "product-security@apple.com", "published": "2025-04-29T03:15:34.860", - "lastModified": "2025-04-29T13:52:10.697", + "lastModified": "2025-04-29T16:15:30.873", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se solucion\u00f3 un problema de confusi\u00f3n de tipos mejorando las comprobaciones. Este problema se solucion\u00f3 en macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4, iPadOS 18.4 y visionOS 2.4. Un atacante en la red local podr\u00eda provocar el cierre inesperado de la aplicaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/122371", diff --git a/CVE-2025/CVE-2025-30xx/CVE-2025-3059.json b/CVE-2025/CVE-2025-30xx/CVE-2025-3059.json index de7f7f09def..bcad10c0910 100644 --- a/CVE-2025/CVE-2025-30xx/CVE-2025-3059.json +++ b/CVE-2025/CVE-2025-30xx/CVE-2025-3059.json 
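Review bot: The Secondary metric added in the `@@ -15,7 +15,42 @@` hunk sets `"attackVector": "LOCAL"` and `"userInteraction": "REQUIRED"`, while the description kept as context on the same record says an attacker on the local network can cause the app to terminate unexpectedly. In CVSS 3.1 an attacker limited to the same network segment is `ADJACENT_NETWORK` (`AV:A`), and `AV:L` describes local access to the device, so the 5.5 score likely understates reachability. The same vector is added for CVE-2025-31202 further down, whose description also names a local-network attacker. Anyone triaging on this score should read the description alongside it; if the vector is corrected upstream, `vectorString`, `baseScore` and `exploitabilityScore` need recomputing together.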
@@ -2,7 +2,7 @@ "id": "CVE-2025-3059", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T23:15:30.330", - "lastModified": "2025-04-01T20:26:11.547", + "lastModified": "2025-04-29T16:15:36.010", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Vulnerabilidad en Drupal Profile Private. Este problema afecta al perfil privado: *.*." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], "references": [ { "url": "https://www.drupal.org/sa-contrib-2025-002", diff --git a/CVE-2025/CVE-2025-312xx/CVE-2025-31202.json b/CVE-2025/CVE-2025-312xx/CVE-2025-31202.json index 3c969a126a0..517725aede0 100644 --- a/CVE-2025/CVE-2025-312xx/CVE-2025-31202.json +++ b/CVE-2025/CVE-2025-312xx/CVE-2025-31202.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31202", "sourceIdentifier": "product-security@apple.com", "published": "2025-04-29T03:15:35.040", - "lastModified": "2025-04-29T13:52:10.697", + "lastModified": "2025-04-29T16:15:31.030", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,42 @@ "value": "Se solucion\u00f3 una desreferencia de puntero nulo mejorando la validaci\u00f3n de entrada. Este problema se solucion\u00f3 en iOS 18.4 y iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4 y visionOS 2.4. Un atacante en la red local podr\u00eda provocar una denegaci\u00f3n de servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/122371", diff --git a/CVE-2025/CVE-2025-312xx/CVE-2025-31203.json b/CVE-2025/CVE-2025-312xx/CVE-2025-31203.json index 79231d631e3..837b260587d 100644 --- a/CVE-2025/CVE-2025-312xx/CVE-2025-31203.json +++ b/CVE-2025/CVE-2025-312xx/CVE-2025-31203.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31203", "sourceIdentifier": "product-security@apple.com", "published": "2025-04-29T03:15:35.133", - "lastModified": "2025-04-29T13:52:10.697", + "lastModified": "2025-04-29T16:15:31.170", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,42 @@ "value": "Se solucion\u00f3 un desbordamiento de enteros mejorando la validaci\u00f3n de entrada. Este problema se solucion\u00f3 en macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 y iPadOS 18.4, watchOS 11.4 y visionOS 2.4. Un atacante en la red local podr\u00eda provocar una denegaci\u00f3n de servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/122371", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31673.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31673.json index 71d28dbfe36..4c714f2364b 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31673.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31673.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31673", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:19.773", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:31.317", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "Vulnerabilidad de autorizaci\u00f3n incorrecta en Drupal Drupal core permite la navegaci\u00f3n forzada. Este problema afecta al n\u00facleo de Drupal: desde 8.0.0 antes de 10.3.13, desde 10.4.0 antes de 10.4.3, desde 11.0.0 antes de 11.0.12, desde 11.1.0 antes de 11.1.3." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31675.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31675.json index 4b68bd2cec1..f308a983ff5 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31675.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31675.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31675", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:20.003", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:31.470", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal Drupal core permite Cross-Site Scripting (XSS). Este problema afecta al n\u00facleo de Drupal: desde la versi\u00f3n 8.0.0 hasta la 10.3.14, desde la versi\u00f3n 10.4.0 hasta la 10.4.5, desde la versi\u00f3n 11.0.0 hasta la 11.0.13, desde la versi\u00f3n 11.1.0 hasta la 11.1.5." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31676.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31676.json index d683bf00588..9b110b41119 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31676.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31676.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31676", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:20.113", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:31.617", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de autenticaci\u00f3n d\u00e9bil en Drupal Email TFA permite la fuerza bruta. Este problema afecta a Email TFA: desde 0.0.0 antes de 2.0.3." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31677.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31677.json index 88373bb2ae4..27d175f03ac 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31677.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31677.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31677", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:20.227", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:31.757", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Drupal AI (Inteligencia Artificial) permite Cross-Site Request Forgery. Este problema afecta a AI (Inteligencia Artificial): desde 1.0.0 antes de 1.0.2." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31678.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31678.json index 022f85c0d91..bd92503ffc0 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31678.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31678.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31678", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:20.330", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:31.910", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Drupal AI (Inteligencia Artificial) permite la navegaci\u00f3n forzada. Este problema afecta a AI (Inteligencia Artificial): desde 0.0.0 antes de 1.0.3." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31679.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31679.json index ba033d4d0a5..2b5ff58ddcb 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31679.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31679.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31679", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:20.440", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:32.067", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal Ignition Error Pages permite Cross-Site Scripting (XSS). Este problema afecta a Ignition Error Pages: desde la versi\u00f3n 0.0.0 hasta la 1.0.4." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31680.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31680.json index 1a4117db52d..9e03ddec08c 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31680.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31680.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31680", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:20.550", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:32.230", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Drupal Matomo Analytics permite Cross-Site Request Forgery. Este problema afecta a Matomo Analytics: desde la versi\u00f3n 0.0.0 hasta la 1.24.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31681.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31681.json index f7e4d62ed99..8c96c10282e 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31681.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31681.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31681", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:20.663", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:32.373", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Drupal Authenticator Login permite la navegaci\u00f3n forzada. Este problema afecta al inicio de sesi\u00f3n del autenticador: desde la versi\u00f3n 0.0.0 hasta la 2.0.6." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31682.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31682.json index 7583ffa9106..58ccdd0b663 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31682.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31682.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31682", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:20.767", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:32.527", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal Google Tag permite Cross-Site Scripting (XSS). Este problema afecta a Google Tag: desde la versi\u00f3n 0.0.0 hasta la 1.8.0, desde la versi\u00f3n 2.0.0 hasta la 2.0.8." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31683.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31683.json index c11d1c5a13d..a8baeb8ad93 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31683.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31683.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31683", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:20.890", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:32.687", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Drupal Google Tag permite Cross-Site Request Forgery. Este problema afecta a Google Tag: desde la versi\u00f3n 0.0.0 hasta la 1.8.0, desde la versi\u00f3n 2.0.0 hasta la 2.0.8." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31684.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31684.json index acc2f4bfd62..2d047048157 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31684.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31684.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31684", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:20.993", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:32.823", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Drupal OAuth2 Client permite Cross-Site Request Forgery. Este problema afecta al cliente OAuth2: desde la versi\u00f3n 0.0.0 hasta la 4.1.3." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31685.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31685.json index d75240a26a8..7c5bd80624e 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31685.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31685.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31685", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:21.103", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:32.967", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Drupal Open Social permite la navegaci\u00f3n forzada. Este problema afecta a Open Social: desde la versi\u00f3n 0.0.0 hasta la 12.3.11, desde la versi\u00f3n 12.4.0 hasta la 12.4.10." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31686.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31686.json index 89756d85650..22941596bb8 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31686.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31686.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31686", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:21.210", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:33.113", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Drupal Open Social permite la navegaci\u00f3n forzada. Este problema afecta a Open Social: desde la versi\u00f3n 0.0.0 hasta la 12.3.11, desde la versi\u00f3n 12.4.0 hasta la 12.4.10." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31687.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31687.json index 14006698311..54db07632a5 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31687.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31687.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31687", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:21.317", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:33.253", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal SpamSpan filter permite Cross-Site Scripting (XSS). Este problema afecta al filtro SpamSpan: desde la versi\u00f3n 0.0.0 hasta la 3.2.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31688.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31688.json index 6bed78669fd..cc939393ea5 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31688.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31688.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31688", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:21.413", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:33.397", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Drupal Configuration Split permite Cross-Site Request Forgery. Este problema afecta a Configuration Split: desde la versi\u00f3n 0.0.0 hasta la 1.10.0, desde la versi\u00f3n 2.0.0 hasta la 2.0.2." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31689.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31689.json index 3ed89d4e8c4..8ae5f35f606 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31689.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31689.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31689", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:21.517", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:33.537", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Drupal General Data Protection Regulation permite Cross-Site Request Forgery. Este problema afecta al Reglamento General de Protecci\u00f3n de Datos: desde la versi\u00f3n 0.0.0 hasta la 3.0.1, desde la versi\u00f3n 3.1.0 hasta la 3.1.2." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31690.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31690.json index 305959b5612..3b80a5a7ac1 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31690.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31690.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31690", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:21.623", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:33.680", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Drupal Cache Utility permite Cross-Site Request Forgery. Este problema afecta a Cache Utility: desde la versi\u00f3n 0.0.0 hasta la 1.2.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31691.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31691.json index bbc372009f1..bef9b08e859 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31691.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31691.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31691", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:21.737", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:33.817", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Drupal OAuth2 Server permite la navegaci\u00f3n forzada. Este problema afecta al servidor OAuth2: desde la versi\u00f3n 0.0.0 hasta la 2.1.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31694.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31694.json index f649ece4b85..0bd4c605a6d 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31694.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31694.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31694", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:22.100", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:33.960", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@ "value": "La vulnerabilidad de autorizaci\u00f3n incorrecta en Drupal Two-factor Authentication (TFA) permite una navegaci\u00f3n forzada. Este problema afecta a la autenticaci\u00f3n de dos factores (TFA): desde la versi\u00f3n 0.0.0 hasta la 1.10.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "mlhess@drupal.org", diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31695.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31695.json index b968eac26b0..b57a88698ad 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31695.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31695.json @@ -2,7 +2,7 @@ "id": "CVE-2025-31695", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-03-31T22:15:22.210", - "lastModified": "2025-04-01T20:26:22.890", + "lastModified": "2025-04-29T16:15:34.097", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -15,7 +15,30 @@
 "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal Link field display mode formatter permite Cross-Site Scripting (XSS). Este problema afecta al formateador del modo de visualizaci\u00f3n del campo de enlace: desde la versi\u00f3n 0.0.0 hasta la 1.6.0."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "mlhess@drupal.org",
diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31696.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31696.json
index 108f10ba4ee..e0109e1cc01 100644
--- a/CVE-2025/CVE-2025-316xx/CVE-2025-31696.json
+++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31696.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-31696",
 "sourceIdentifier": "mlhess@drupal.org",
 "published": "2025-03-31T22:15:22.320",
- "lastModified": "2025-04-01T20:26:22.890",
+ "lastModified": "2025-04-29T16:15:34.243",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -15,7 +15,30 @@
 "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal RapiDoc OAS Field Formatter permite Cross-Site Scripting (XSS). Este problema afecta a RapiDoc OAS Field Formatter: desde la versi\u00f3n 0.0.0 hasta la 1.0.1."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "mlhess@drupal.org",
diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31697.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31697.json
index 12ed935f61b..a358169122a 100644
--- a/CVE-2025/CVE-2025-316xx/CVE-2025-31697.json
+++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31697.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-31697",
 "sourceIdentifier": "mlhess@drupal.org",
 "published": "2025-03-31T22:15:22.427",
- "lastModified": "2025-04-01T20:26:22.890",
+ "lastModified": "2025-04-29T16:15:34.633",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -15,7 +15,30 @@
 "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal Formatter Suite permite Cross-Site Scripting (XSS). Este problema afecta a Formatter Suite: desde la versi\u00f3n 0.0.0 hasta la 2.1.0."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "mlhess@drupal.org",
diff --git a/CVE-2025/CVE-2025-323xx/CVE-2025-32354.json b/CVE-2025/CVE-2025-323xx/CVE-2025-32354.json
new file mode 100644
index 00000000000..0ea96c16938
--- /dev/null
+++ b/CVE-2025/CVE-2025-323xx/CVE-2025-32354.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-32354",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-29T16:15:34.770",
+ "lastModified": "2025-04-29T16:15:34.770",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauthorized GraphQL operations, such as modifying contacts, changing account settings, and accessing sensitive user data when an authenticated user visits a malicious website."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://wiki.zimbra.com/wiki/Security_Center",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32979.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32979.json
index 530542b4bf2..1f4b1d5e964 100644
--- a/CVE-2025/CVE-2025-329xx/CVE-2025-32979.json
+++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32979.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-32979",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-25T21:15:38.883",
- "lastModified": "2025-04-29T13:52:28.490",
+ "lastModified": "2025-04-29T16:15:34.913",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -15,7 +15,42 @@
 "value": "NETSCOUT nGeniusONE anterior a 6.4.0 b2350 permite la creaci\u00f3n arbitraria de archivos por parte de usuarios autenticados."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-378"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.netscout.com/securityadvisories",
diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32980.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32980.json
index 47e6d61aa1a..7c1e8d8357f 100644
--- a/CVE-2025/CVE-2025-329xx/CVE-2025-32980.json
+++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32980.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-32980",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-25T21:15:38.980",
- "lastModified": "2025-04-29T13:52:28.490",
+ "lastModified": "2025-04-29T16:15:35.103",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -15,7 +15,42 @@
 "value": "NETSCOUT nGeniusONE anterior a 6.4.0 b2350 tiene una configuraci\u00f3n de Sudo d\u00e9bil."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-266"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.netscout.com/securityadvisories",
diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32981.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32981.json
index 728e427d2d0..7dc5715d1e2 100644
--- a/CVE-2025/CVE-2025-329xx/CVE-2025-32981.json
+++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32981.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-32981",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-25T21:15:39.070",
- "lastModified": "2025-04-29T13:52:28.490",
+ "lastModified": "2025-04-29T16:15:35.280",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
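Review bot: The `cvssMetricV31` entry added to CVE-2025-32980 in the `@@ -15,7 +15,42 @@` hunk scores a weak Sudo configuration as `AV:N/AC:L/PR:N/UI:N` (9.8 CRITICAL), which is hard to reconcile with the description and with the CWE-266 mapping added in the same hunk. A sudo misconfiguration would normally need an existing account on the host, so the vector may be overstated. The entry is `"type": "Secondary"` and the record is still `Awaiting Analysis`, so there is no Primary assessment here to cross-check against. I would confirm the vector against the upstream record, and anything that triages on `baseScore` should treat a Secondary-only score like this one as provisional.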
@@ -15,7 +15,42 @@
 "value": "NETSCOUT nGeniusONE anterior a 6.4.0 b2350 permite a los usuarios locales aprovechar permisos inseguros para el archivo nGeniusCLI."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.netscout.com/securityadvisories",
diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32982.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32982.json
index 249652dc306..d27fab21005 100644
--- a/CVE-2025/CVE-2025-329xx/CVE-2025-32982.json
+++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32982.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-32982",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-25T21:15:39.157",
- "lastModified": "2025-04-29T13:52:28.490",
+ "lastModified": "2025-04-29T16:15:35.457",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -15,7 +15,42 @@
 "value": "NETSCOUT nGeniusONE anterior a 6.4.0 b2350 tiene un esquema de autorizaci\u00f3n roto para el m\u00f3dulo de informe."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.netscout.com/securityadvisories",
diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32985.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32985.json
index d31fe4c375f..dfae8594f19 100644
--- a/CVE-2025/CVE-2025-329xx/CVE-2025-32985.json
+++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32985.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-32985",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-25T21:15:39.407",
- "lastModified": "2025-04-29T13:52:10.697",
+ "lastModified": "2025-04-29T16:15:35.643",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -15,7 +15,42 @@
 "value": "NETSCOUT nGeniusONE anterior a 6.4.0 b2350 tiene credenciales codificadas que se pueden obtener de archivos JAR."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.netscout.com/securityadvisories",
diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32986.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32986.json
index d61c3682747..1e6260c9b7a 100644
--- a/CVE-2025/CVE-2025-329xx/CVE-2025-32986.json
+++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32986.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-32986",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-25T21:15:39.497",
- "lastModified": "2025-04-29T13:52:10.697",
+ "lastModified": "2025-04-29T16:15:35.820",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -15,7 +15,42 @@
 "value": "NETSCOUT nGeniusONE anterior a 6.4.0 b2350 tiene un archivo confidencial accesible sin autenticaci\u00f3n adecuada en un endpoint."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.netscout.com/securityadvisories",
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37785.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37785.json
index b11dbb08108..13e87b66089 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37785.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37785.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37785",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-04-18T07:15:42.693",
- "lastModified": "2025-04-21T14:23:45.950",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-29T16:56:25.337",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,39 +15,159 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: correcci\u00f3n de lectura OOB al comprobar el directorio dotdot Montar un sistema de archivos da\u00f1ado con un directorio que contiene una entrada de directorio '.' con rec_len == tama\u00f1o de bloque da como resultado una lectura fuera de los l\u00edmites (m\u00e1s adelante, cuando se elimina el directorio da\u00f1ado). ext4_empty_dir() asume que cada directorio ext4 contiene al menos '.' y '..' como entradas de directorio en el primer bloque de datos. Primero carga la entrada de directorio '.', realiza comprobaciones de cordura llamando a ext4_check_dir_entry() y luego usa su miembro rec_len para calcular la ubicaci\u00f3n de la entrada de directorio '..' (en ext4_next_entry). Asume que la entrada de directorio '..' encaja en el mismo bloque de datos. Si el rec_len de '.' Si es exactamente un bloque (4 KB), no cumple con las comprobaciones de seguridad (se considera la \u00faltima entrada de directorio del bloque de datos) y deja el puntero \"struct ext4_dir_entry_2 *de\" justo despu\u00e9s de la ranura de memoria asignada al bloque de datos. La siguiente llamada a ext4_check_dir_entry() con el nuevo valor de de desreferencia este puntero, lo que resulta en un acceso a la memoria fuera de los l\u00edmites. Para solucionar esto, extienda __ext4_check_dir_entry() para verificar las entradas de directorio \".\" que llegan al final del bloque de datos. Aseg\u00farese de ignorar las entradas de directorio falsas para la suma de comprobaci\u00f3n (verificando name_len para ver si es distinto de cero). Nota: KASAN informa que esto es un use-after-free en caso de que otra estructura se haya liberado recientemente de la ranura m\u00e1s all\u00e1 del l\u00edmite, pero en realidad es una lectura fuera de banda (OOB). Este problema fue detectado por la herramienta syzkaller. 
Rastreo de llamadas: [38.594108] ERROR: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710 [ 38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375 [ 38.595158] [ 38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1 [ 38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 38.595304] Call Trace: [ 38.595308] [ 38.595311] dump_stack_lvl+0xa7/0xd0 [ 38.595325] print_address_description.constprop.0+0x2c/0x3f0 [ 38.595339] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595349] print_report+0xaa/0x250 [ 38.595359] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595368] ? kasan_addr_to_slab+0x9/0x90 [ 38.595378] kasan_report+0xab/0xe0 [ 38.595389] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595400] __ext4_check_dir_entry+0x67e/0x710 [ 38.595410] ext4_empty_dir+0x465/0x990 [ 38.595421] ? __pfx_ext4_empty_dir+0x10/0x10 [ 38.595432] ext4_rmdir.part.0+0x29a/0xd10 [ 38.595441] ? __dquot_initialize+0x2a7/0xbf0 [ 38.595455] ? __pfx_ext4_rmdir.part.0+0x10/0x10 [ 38.595464] ? __pfx___dquot_initialize+0x10/0x10 [ 38.595478] ? down_write+0xdb/0x140 [ 38.595487] ? __pfx_down_write+0x10/0x10 [ 38.595497] ext4_rmdir+0xee/0x140 [ 38.595506] vfs_rmdir+0x209/0x670 [ 38.595517] ? lookup_one_qstr_excl+0x3b/0x190 [ 38.595529] do_rmdir+0x363/0x3c0 [ 38.595537] ? __pfx_do_rmdir+0x10/0x10 [ 38.595544] ? 
strncpy_from_user+0x1ff/0x2e0 [ 38.595561] __x64_sys_unlinkat+0xf0/0x130 [ 38.595570] do_syscall_64+0x5b/0x180 [ 38.595583] entry_SYSCALL_64_after_hwframe+0x76/0x7e" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.19", + "versionEndExcluding": "5.10.236", + "matchCriteriaId": "5093EDFD-21CC-4898-9E34-0C31FADEF44A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.180", + "matchCriteriaId": "D19801C8-3D18-405D-9989-E6C9B30255FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.134", + "matchCriteriaId": "3985DEC3-0437-4177-BC42-314AB575285A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.87", + "matchCriteriaId": "EFF24260-49B1-4251-9477-C564CFDAD25B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + 
"versionEndExcluding": "6.12.23", + "matchCriteriaId": "26CAB76D-F00F-43CE-BEAD-7097F8FB1D6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.11", + "matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.14", + "versionEndExcluding": "6.14.2", + "matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/52a5509ab19a5d3afe301165d9b5787bba34d842", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/53bc45da8d8da92ec07877f5922b130562eb4b00", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/89503e5eae64637d0fa2218912b54660effe7d93", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ac28c5684c1cdab650a7e5065b19e91577d37a4b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b47584c556444cf7acb66b26a62cbc348eb92b78", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b7531a4f99c3887439d778afaf418d1a01a5f01b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d5e206778e96e8667d3bde695ad372c296dc9353", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e47f472a664d70a3d104a6c2a035cdff55a719b4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-378xx/CVE-2025-37860.json b/CVE-2025/CVE-2025-378xx/CVE-2025-37860.json index 6575f05075c..6ae95396645 100644 --- a/CVE-2025/CVE-2025-378xx/CVE-2025-37860.json +++ b/CVE-2025/CVE-2025-378xx/CVE-2025-37860.json @@ -2,8 +2,8 @@ "id": "CVE-2025-37860", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-18T07:15:42.883", - "lastModified": "2025-04-21T14:23:45.950", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:55:17.163", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,15 +15,75 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sfc: se corrigen las desreferencias NULL en ef100_process_design_param(). Desde el commit citada, ef100_probe_main() y, por lo tanto, tambi\u00e9n ef100_check_design_params() se ejecutan antes de crear efx->net_dev; por lo tanto, no podemos ejecutar netif_set_tso_max_size() ni _segs() en este momento. Traslade esas llamadas netif a ef100_probe_netdev() y reemplace netif_err en el c\u00f3digo de par\u00e1metros de dise\u00f1o por pci_err." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0", + "versionEndExcluding": "6.14.2", + "matchCriteriaId": "DC685F25-CCF6-40A3-AB2D-9EC8065257E6" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/8241ecec1cdc6699ae197d52d58e76bddd995fa5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e56391011381d6d029da377a65ac314cb3d5def2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-378xx/CVE-2025-37893.json b/CVE-2025/CVE-2025-378xx/CVE-2025-37893.json index 79982906737..d4fc748638b 100644 --- a/CVE-2025/CVE-2025-378xx/CVE-2025-37893.json +++ b/CVE-2025/CVE-2025-378xx/CVE-2025-37893.json @@ -2,8 +2,8 @@ "id": "CVE-2025-37893", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-18T07:15:42.983", - "lastModified": "2025-04-25T11:15:46.147", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:54:26.433", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,27 +15,124 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: LoongArch: BPF: Correcci\u00f3n de error de uno en build_prologue() Vincent inform\u00f3 que ejecutar programas BPF con llamadas de cola en LoongArch provoca un bloqueo duro del kernel. La depuraci\u00f3n de los problemas muestra que a la imagen JIT le falta una instrucci\u00f3n jirl al final del ep\u00edlogo. Hay dos pasos en la compilaci\u00f3n JIT, el primer paso establece los indicadores y el segundo paso genera c\u00f3digo JIT basado en esos indicadores. Con programas BPF que mezclan bpf2bpf y llamadas de cola, build_prologue() genera N insns en el primer paso y luego genera N + 1 insns en el segundo paso. Esto hace que epilogue_offset se desv\u00ede en uno y saltaremos a alg\u00fan insn inesperado y causaremos un bloqueo. Arregle esto insertando un insn nop." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-193" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1", + "versionEndExcluding": "6.1.134", + "matchCriteriaId": "10FAA32F-8D33-4A36-8482-01961DD84A84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + 
"versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.87", + "matchCriteriaId": "EFF24260-49B1-4251-9477-C564CFDAD25B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.12.23", + "matchCriteriaId": "26CAB76D-F00F-43CE-BEAD-7097F8FB1D6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.13", + "versionEndExcluding": "6.13.11", + "matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.14", + "versionEndExcluding": "6.14.2", + "matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/205a2182c51ffebaef54d643e3745e720cded08b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/48b904de2408af5f936f0e03f48dfcddeab58aa0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7e2586991e36663c9bc48c828b83eab180ad30a9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b3ffad2f02db4aace6799fe0049508b8925eae45", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c74d95a5679741ef428974ab788f5b0758dc78ae", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-379xx/CVE-2025-37925.json b/CVE-2025/CVE-2025-379xx/CVE-2025-37925.json index 3991a68de6c..76addb8a2fc 100644 --- a/CVE-2025/CVE-2025-379xx/CVE-2025-37925.json +++ b/CVE-2025/CVE-2025-379xx/CVE-2025-37925.json @@ -2,8 +2,8 @@ "id": "CVE-2025-37925", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-18T07:15:43.090", - "lastModified": "2025-04-21T14:23:45.950", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-29T16:44:08.020", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,15 +15,75 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: rechaza inodos en disco de un tipo no compatible Syzbot ha informado del siguiente ERROR: \u00a1ERROR del kernel en fs/inode.c:668! Oops: c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsCommit No contaminado 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 RIP: 0010:clear_inode+0x168/0x190 Code: 4c 89 f7 e8 ba fe e5 ff e9 61 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 7c c1 4c 89 f7 e8 90 ff e5 ff eb b7 0b e8 01 5d 7f ff 90 0f 0b e8 f9 5c 7f ff 90 0f 0b e8 f1 5c 7f RSP: 0018:ffffc900027dfae8 EFLAGS: 00010093 RAX: ffffffff82157a87 RBX: 0000000000000001 RCX: ffff888104d4b980 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffc900027dfc90 R08: ffffffff82157977 R09: fffff520004fbf38 R10: dffffc0000000000 R11: fffff520004fbf38 R12: dffffc0000000000 R13: ffff88811315bc00 R14: ffff88811315bda8 R15: ffff88811315bb80 FS: 0000000000000000(0000) GS:ffff888135f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005565222e0578 CR3: 0000000026ef0000 CR4: 00000000000006f0 Call Trace: ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? clear_inode+0x168/0x190 ? do_error_trap+0x1dc/0x2c0 ? clear_inode+0x168/0x190 ? __pfx_do_error_trap+0x10/0x10 ? report_bug+0x3cd/0x500 ? handle_invalid_op+0x34/0x40 ? clear_inode+0x168/0x190 ? exc_invalid_op+0x38/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? clear_inode+0x57/0x190 ? clear_inode+0x167/0x190 ? clear_inode+0x168/0x190 ? clear_inode+0x167/0x190 jfs_evict_inode+0xb5/0x440 ? __pfx_jfs_evict_inode+0x10/0x10 evict+0x4ea/0x9b0 ? __pfx_evict+0x10/0x10 ? iput+0x713/0xa50 txUpdateMap+0x931/0xb10 ? __pfx_txUpdateMap+0x10/0x10 jfs_lazycommit+0x49a/0xb80 ? _raw_spin_unlock_irqrestore+0x8f/0x140 ? lockdep_hardirqs_on+0x99/0x150 ? 
__pfx_jfs_lazycommit+0x10/0x10 ? __pfx_default_wake_function+0x10/0x10 ? __kthread_parkme+0x169/0x1d0 ? __pfx_jfs_lazycommit+0x10/0x10 kthread+0x2f2/0x390 ? __pfx_jfs_lazycommit+0x10/0x10 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x4d/0x80 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 Esto ocurre cuando 'clear_inode()' intenta finalizar un inodo JFS subyacente de tipo desconocido. Seg\u00fan la descripci\u00f3n del dise\u00f1o JFS de https://jfs.sourceforge.net/project/pub/jfslayout.pdf, los tipos de inodo del 5 al 15 est\u00e1n reservados para futuras extensiones y no deber\u00edan encontrarse en un sistema de archivos v\u00e1lido. Por lo tanto, a\u00f1ada una comprobaci\u00f3n adicional para el tipo de inodo v\u00e1lido en 'copy_from_dinode()'." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.1", + "versionEndExcluding": "6.14.2", + "matchCriteriaId": "2989FFC5-ECF9-4B72-ADBA-78A3A5220C13" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/8987891c4653874d5e3f5d11f063912f4e0b58eb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8c3f9a70d2d4dd6c640afe294b05c6a0a45434d9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-406xx/CVE-2025-40615.json b/CVE-2025/CVE-2025-406xx/CVE-2025-40615.json new file mode 100644 index 00000000000..f262340a695 --- /dev/null +++ b/CVE-2025/CVE-2025-406xx/CVE-2025-40615.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-40615", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2025-04-29T16:15:36.160", + "lastModified": "2025-04-29T16:15:36.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the \"TEXTO\" parameter in /api/api_ajustes.php." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "LOW", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + 
"Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bookgy", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-406xx/CVE-2025-40616.json b/CVE-2025/CVE-2025-406xx/CVE-2025-40616.json new file mode 100644 index 00000000000..3324d7b0494 --- /dev/null +++ b/CVE-2025/CVE-2025-406xx/CVE-2025-40616.json 
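Review bot: The description names the vulnerable parameter and endpoint but no affected or fixed Bookgy version, and the record has no `configurations` block, so a consumer cannot tell from it whether a given deployment is in scope. The same gap is in CVE-2025-40616 through CVE-2025-40619, added below. With `vulnStatus` still `Received`, CPE-keyed scanners will not match these entries, and the INCIBE notice in `references` is the only pointer to version data. If that notice states a range, the description should carry it, e.g. `Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy <affected versions: placeholder, take from the INCIBE notice>.`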
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-40616", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2025-04-29T16:15:36.310", + "lastModified": "2025-04-29T16:15:36.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the \"IDRESERVA\" parameter in /bkg_imprimir_comprobante.php." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "LOW", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": 
"NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bookgy", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-406xx/CVE-2025-40617.json b/CVE-2025/CVE-2025-406xx/CVE-2025-40617.json new file mode 100644 index 00000000000..9cc98d9a844 --- /dev/null +++ b/CVE-2025/CVE-2025-406xx/CVE-2025-40617.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-40617", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2025-04-29T16:15:36.450", + "lastModified": "2025-04-29T16:15:36.450", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the \"IDTIPO\", \"IDPISTA\" and \"IDSOCIO\" parameters in /bkg_seleccionar_hora_ajax.php." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + 
"Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bookgy", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-406xx/CVE-2025-40618.json b/CVE-2025/CVE-2025-406xx/CVE-2025-40618.json new file mode 100644 index 00000000000..032f6be1ee6 --- /dev/null +++ b/CVE-2025/CVE-2025-406xx/CVE-2025-40618.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-40618", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2025-04-29T16:15:36.580", + "lastModified": "2025-04-29T16:15:36.580", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the \"IDRESERVA\"\u00a0\u00a0parameter in /bkg_imprimir_comprobante.php" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": 
"NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bookgy", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-406xx/CVE-2025-40619.json b/CVE-2025/CVE-2025-406xx/CVE-2025-40619.json new file mode 100644 index 00000000000..74071d321fd --- /dev/null +++ b/CVE-2025/CVE-2025-406xx/CVE-2025-40619.json 
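Review bot: The `descriptions` value for CVE-2025-40618 has two `\u00a0` (non-breaking space) escapes between `\"IDRESERVA\"` and `parameter`, and it ends without a full stop, unlike the parallel sentence in CVE-2025-40617. Exact-phrase search, de-duplication and keyword alert rules that expect ordinary spaces will not match this text. The tail should read `through the \"IDRESERVA\" parameter in /bkg_imprimir_comprobante.php.` Consumers that cannot change the upstream record should normalise Unicode whitespace before matching.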
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-40619", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2025-04-29T16:15:36.727", + "lastModified": "2025-04-29T16:15:36.727", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + 
"Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bookgy", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4068.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4068.json new file mode 100644 index 00000000000..3fcc384de56 --- /dev/null +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4068.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4068", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-29T16:15:38.163", + "lastModified": "2025-04-29T16:15:38.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in code-projects Simple Movie Ticket Booking System 1.0. Affected by this vulnerability is the function changeprize. The manipulation of the argument prize leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": 
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 4.3, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/zzzxc643/cve/blob/main/MOVIE_TICKET_BOOKING_SYSTEM.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306505", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306505", + "source": "cna@vuldb.com" + }, + 
{ + "url": "https://vuldb.com/?submit.559479", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4069.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4069.json new file mode 100644 index 00000000000..f50770a058d --- /dev/null +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4069.json 
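Review bot: The description for CVE-2025-4068 says "classified as critical", but every score in `metrics` is `MEDIUM` (4.8 in `cvssMetricV40`, 5.3 in `cvssMetricV31`, 4.3 in `cvssMetricV2`), and the v3.1 and v4.0 vectors are `AV:L` with `PR:L`. CVE-2025-4069 has the same mismatch, and CVE-2025-4070 and CVE-2025-4071 also say critical while their scores range from MEDIUM to HIGH. Triage or alerting that keys on the description wording will over-rank these records, so prioritise from the `Primary` `cvssMetricV31` vector instead. The opening sentence would be more accurate without the severity word, e.g. `A vulnerability was found in code-projects Simple Movie Ticket Booking System 1.0.`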
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4069", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-29T16:15:38.350", + "lastModified": "2025-04-29T16:15:38.350", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": 
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 4.3, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/zzzxc643/cve/blob/main/PRODUCT_MANAGEMENT_SYSTEM.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306506", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306506", + "source": "cna@vuldb.com" + }, + { 
+ "url": "https://vuldb.com/?submit.559516", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4070.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4070.json new file mode 100644 index 00000000000..4a2c7ada838 --- /dev/null +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4070.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4070", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-29T16:15:38.523", + "lastModified": "2025-04-29T16:15:38.523", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": 
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Arcueicl/cve/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306507", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306507", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.559620", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4071.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4071.json new file mode 100644 index 00000000000..f0778ded120 --- /dev/null +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4071.json 
@@ -0,0 +1,145 @@
+{
+ "id": "CVE-2025-4071",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-04-29T16:15:38.697",
+ "lastModified": "2025-04-29T16:15:38.697",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /test-details.php. The manipulation of the argument Status leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "LOW",
+ "vulnIntegrityImpact": "LOW",
+ "vulnAvailabilityImpact": "LOW",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact":
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/2634257398/CVE-/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306508", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306508", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.559904", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4072.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4072.json new file mode 100644 index 00000000000..64236ea1b01 --- /dev/null +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4072.json 
@@ -0,0 +1,145 @@
+{
+ "id": "CVE-2025-4072",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-04-29T17:15:41.500",
+ "lastModified": "2025-04-29T17:15:41.500",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-nurse.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "LOW",
+ "vulnIntegrityImpact": "LOW",
+ "vulnAvailabilityImpact": "LOW",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact":
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Iandweb/CVE/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306509", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306509", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.559939", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4073.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4073.json new file mode 100644 index 00000000000..926c7452581 --- /dev/null +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4073.json 
@@ -0,0 +1,145 @@
+{
+ "id": "CVE-2025-4073",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-04-29T17:15:41.730",
+ "lastModified": "2025-04-29T17:15:41.730",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in PHPGurukul Student Record System 3.20. It has been classified as critical. Affected is an unknown function of the file /change-password.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "LOW",
+ "vulnIntegrityImpact": "LOW",
+ "vulnAvailabilityImpact": "LOW",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact":
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/bleakTS/myCVE/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306510", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306510", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.559947", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4086.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4086.json index 2f7d70b31f0..ab75f7dca84 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4086.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4086.json @@ -2,7 +2,7 @@ "id": "CVE-2025-4086", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.267", - "lastModified": "2025-04-29T14:15:35.267", + "lastModified": "2025-04-29T16:15:38.873", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog.\n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-451" + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1945705", diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4087.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4087.json index e4a89b4045d..97533225202 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4087.json 
+++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4087.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-4087",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2025-04-29T14:15:35.357",
- "lastModified": "2025-04-29T14:15:35.357",
+ "lastModified": "2025-04-29T16:15:39.017",
 "vulnStatus": "Received",
 "cveTags": [],
 "descriptions": [
@@ -11,7 +11,42 @@
 "value": "A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952465",
diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4088.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4088.json
index 0c2f236125c..cca105a6566 100644
--- a/CVE-2025/CVE-2025-40xx/CVE-2025-4088.json
+++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4088.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-4088",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2025-04-29T14:15:35.450",
- "lastModified": "2025-04-29T14:15:35.450",
+ "lastModified": "2025-04-29T16:15:39.153",
 "vulnStatus": "Received",
 "cveTags": [],
 "descriptions": [
@@ -11,7 +11,42 @@
 "value": "A security vulnerability in Firefox allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1953521",
diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4089.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4089.json
index e2f6bab3e86..fa24955ab54 100644
--- a/CVE-2025/CVE-2025-40xx/CVE-2025-4089.json
+++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4089.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-4089",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2025-04-29T14:15:35.537",
- "lastModified": "2025-04-29T14:15:35.537",
+ "lastModified": "2025-04-29T16:15:39.297",
 "vulnStatus": "Received",
 "cveTags": [],
 "descriptions": [
@@ -11,7 +11,42 @@
 "value": "Due to insufficient escaping of special characters in the \"copy as cURL\" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird < 138."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198",
diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4090.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4090.json
index fb09d18077b..a33dd245479 100644
--- a/CVE-2025/CVE-2025-40xx/CVE-2025-4090.json
+++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4090.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-4090",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2025-04-29T14:15:35.627",
- "lastModified": "2025-04-29T14:15:35.627",
+ "lastModified": "2025-04-29T16:15:39.440",
 "vulnStatus": "Received",
 "cveTags": [],
 "descriptions": [
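Review bot: The vector added to CVE-2025-4089 sets `UI:N` (`"userInteraction": "NONE"`), but the description in the same hunk says an attacker has to trick a user into using the copied cURL command, so `"userInteraction": "REQUIRED"` fits the text better. The impact values `C:L/I:L/A:N` also sit oddly with the stated outcome of local code execution on the user's system. Changing either field changes `baseScore`, so the vector string and the derived scores would need recomputing together.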
@@ -11,7 +11,42 @@
 "value": "A vulnerability existed in Firefox for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929478",
diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4091.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4091.json
index 2233c9b99c6..140a2e9884a 100644
--- a/CVE-2025/CVE-2025-40xx/CVE-2025-4091.json
+++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4091.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-4091",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2025-04-29T14:15:35.717",
- "lastModified": "2025-04-29T14:15:35.717",
+ "lastModified": "2025-04-29T16:15:39.570",
 "vulnStatus": "Received",
 "cveTags": [],
 "descriptions": [
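Review bot: The weakness added to CVE-2025-4090 is `"value": "CWE-119"` (memory buffer bounds), but the description is about sensitive library locations being written to Logcat, which is information exposure through a log; `"value": "CWE-532"` would match it. The vector's `I:L` is likewise hard to derive from a logging leak, and `AV:N` looks doubtful for data read from a device log, so both are worth confirming against the Mozilla advisory. Detection content or SLA rules keyed on CWE class would otherwise file this record as a memory-safety bug.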
@@ -11,7 +11,42 @@
 "value": "Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105",
diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4092.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4092.json
index 6188ccbbca2..8d3088e8e17 100644
--- a/CVE-2025/CVE-2025-40xx/CVE-2025-4092.json
+++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4092.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-4092",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2025-04-29T14:15:35.820",
- "lastModified": "2025-04-29T14:15:35.820",
+ "lastModified": "2025-04-29T16:15:39.707",
 "vulnStatus": "Received",
 "cveTags": [],
 "descriptions": [
@@ -11,7 +11,42 @@
 "value": "Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138 and Thunderbird < 138."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1924108%2C1950780%2C1959367",
diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4093.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4093.json
index 182d8f52674..879bf46721a 100644
--- a/CVE-2025/CVE-2025-40xx/CVE-2025-4093.json
+++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4093.json
@@ -2,7 +2,7 @@
 "id": "CVE-2025-4093",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2025-04-29T14:15:35.907",
- "lastModified": "2025-04-29T14:15:35.907",
+ "lastModified": "2025-04-29T16:15:39.850",
 "vulnStatus": "Received",
 "cveTags": [],
 "descriptions": [
@@ -11,7 +11,42 @@
 "value": "Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird ESR < 128.10."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1894100",
diff --git a/CVE-2025/CVE-2025-459xx/CVE-2025-45956.json b/CVE-2025/CVE-2025-459xx/CVE-2025-45956.json
new file mode 100644
index 00000000000..a3896fe4c9b
--- /dev/null
+++ b/CVE-2025/CVE-2025-459xx/CVE-2025-45956.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2025-45956",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-29T17:15:41.317",
+ "lastModified": "2025-04-29T17:15:41.317",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the \"id\" parameter"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/lloydik/CLMS-vulnerabilities/blob/main/SQLi-CLMS-PoC.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-463xx/CVE-2025-46346.json b/CVE-2025/CVE-2025-463xx/CVE-2025-46346.json
new file mode 100644
index 00000000000..0a1b60e4dad
--- /dev/null
+++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46346.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2025-46346",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2025-04-29T16:15:36.873",
+ "lastModified": "2025-04-29T16:15:36.873",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application\u2019s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user viewing the affected comment. The XSS occurs because the application fails to properly sanitize or encode user input submitted to the comments. Notably, the application sanitizes or does not allow execution of `