From d8f1a20daa253be456d82b2d95392127eed260a9 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 2 Apr 2025 02:03:53 +0000 Subject: [PATCH] Auto-Update: 2025-04-02T02:00:19.991871+00:00 --- CVE-2025/CVE-2025-248xx/CVE-2025-24813.json | 6 ++- CVE-2025/CVE-2025-276xx/CVE-2025-27692.json | 56 +++++++++++++++++++++ CVE-2025/CVE-2025-276xx/CVE-2025-27693.json | 56 +++++++++++++++++++++ CVE-2025/CVE-2025-276xx/CVE-2025-27694.json | 56 +++++++++++++++++++++ CVE-2025/CVE-2025-299xx/CVE-2025-29981.json | 56 +++++++++++++++++++++ CVE-2025/CVE-2025-299xx/CVE-2025-29982.json | 56 +++++++++++++++++++++ CVE-2025/CVE-2025-30xx/CVE-2025-3066.json | 37 ++++++++++++++ CVE-2025/CVE-2025-30xx/CVE-2025-3067.json | 25 +++++++++ CVE-2025/CVE-2025-30xx/CVE-2025-3068.json | 25 +++++++++ CVE-2025/CVE-2025-30xx/CVE-2025-3069.json | 25 +++++++++ CVE-2025/CVE-2025-30xx/CVE-2025-3070.json | 37 ++++++++++++++ CVE-2025/CVE-2025-30xx/CVE-2025-3071.json | 25 +++++++++ CVE-2025/CVE-2025-30xx/CVE-2025-3072.json | 25 +++++++++ CVE-2025/CVE-2025-30xx/CVE-2025-3073.json | 25 +++++++++ CVE-2025/CVE-2025-30xx/CVE-2025-3074.json | 25 +++++++++ README.md | 29 +++++++---- _state.csv | 24 +++++++-- 17 files changed, 573 insertions(+), 15 deletions(-) create mode 100644 CVE-2025/CVE-2025-276xx/CVE-2025-27692.json create mode 100644 CVE-2025/CVE-2025-276xx/CVE-2025-27693.json create mode 100644 CVE-2025/CVE-2025-276xx/CVE-2025-27694.json create mode 100644 CVE-2025/CVE-2025-299xx/CVE-2025-29981.json create mode 100644 CVE-2025/CVE-2025-299xx/CVE-2025-29982.json create mode 100644 CVE-2025/CVE-2025-30xx/CVE-2025-3066.json create mode 100644 CVE-2025/CVE-2025-30xx/CVE-2025-3067.json create mode 100644 CVE-2025/CVE-2025-30xx/CVE-2025-3068.json create mode 100644 CVE-2025/CVE-2025-30xx/CVE-2025-3069.json create mode 100644 CVE-2025/CVE-2025-30xx/CVE-2025-3070.json create mode 100644 CVE-2025/CVE-2025-30xx/CVE-2025-3071.json create mode 100644 CVE-2025/CVE-2025-30xx/CVE-2025-3072.json create mode 100644 CVE-2025/CVE-2025-30xx/CVE-2025-3073.json create mode 100644 CVE-2025/CVE-2025-30xx/CVE-2025-3074.json diff --git a/CVE-2025/CVE-2025-248xx/CVE-2025-24813.json b/CVE-2025/CVE-2025-248xx/CVE-2025-24813.json index dad3ffcb3b1..5e4066ef0b9 100644 --- a/CVE-2025/CVE-2025-248xx/CVE-2025-24813.json +++ b/CVE-2025/CVE-2025-248xx/CVE-2025-24813.json @@ -2,7 +2,7 @@ "id": "CVE-2025-24813", "sourceIdentifier": "security@apache.org", "published": "2025-03-10T17:15:35.067", - "lastModified": "2025-03-21T18:15:34.600", + "lastModified": "2025-04-02T01:00:02.367", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -59,6 +59,10 @@ } ] }, + "cisaExploitAdd": "2025-04-01", + "cisaActionDue": "2025-04-22", + "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "Apache Tomcat Path Equivalence Vulnerability", "weaknesses": [ { "source": "security@apache.org", diff --git a/CVE-2025/CVE-2025-276xx/CVE-2025-27692.json b/CVE-2025/CVE-2025-276xx/CVE-2025-27692.json new file mode 100644 index 00000000000..ea1a7eabd2d --- /dev/null +++ b/CVE-2025/CVE-2025-276xx/CVE-2025-27692.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-27692", + "sourceIdentifier": "security_alert@emc.com", + "published": "2025-04-02T01:15:37.117", + "lastModified": "2025-04-02T01:15:37.117", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-276xx/CVE-2025-27693.json b/CVE-2025/CVE-2025-276xx/CVE-2025-27693.json new file mode 100644 index 00000000000..e7b97774957 --- /dev/null +++ b/CVE-2025/CVE-2025-276xx/CVE-2025-27693.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-27693", + "sourceIdentifier": "security_alert@emc.com", + "published": "2025-04-02T01:15:37.283", + "lastModified": "2025-04-02T01:15:37.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-276xx/CVE-2025-27694.json b/CVE-2025/CVE-2025-276xx/CVE-2025-27694.json new file mode 100644 index 00000000000..d56cd04741a --- /dev/null +++ b/CVE-2025/CVE-2025-276xx/CVE-2025-27694.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-27694", + "sourceIdentifier": "security_alert@emc.com", + "published": "2025-04-02T01:15:37.430", + "lastModified": "2025-04-02T01:15:37.430", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-410" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-299xx/CVE-2025-29981.json b/CVE-2025/CVE-2025-299xx/CVE-2025-29981.json new file mode 100644 index 00000000000..793e66304d2 --- /dev/null +++ b/CVE-2025/CVE-2025-299xx/CVE-2025-29981.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-29981", + "sourceIdentifier": "security_alert@emc.com", + "published": "2025-04-02T01:15:37.577", + "lastModified": "2025-04-02T01:15:37.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-202" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-299xx/CVE-2025-29982.json b/CVE-2025/CVE-2025-299xx/CVE-2025-29982.json new file mode 100644 index 00000000000..951b50087a2 --- /dev/null +++ b/CVE-2025/CVE-2025-299xx/CVE-2025-29982.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-29982", + "sourceIdentifier": "security_alert@emc.com", + "published": "2025-04-02T01:15:37.723", + "lastModified": "2025-04-02T01:15:37.723", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-277" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-30xx/CVE-2025-3066.json b/CVE-2025/CVE-2025-30xx/CVE-2025-3066.json new file mode 100644 index 00000000000..de46c49fb2d --- /dev/null +++ b/CVE-2025/CVE-2025-30xx/CVE-2025-3066.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-3066", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2025-04-02T01:15:37.873", + "lastModified": "2025-04-02T01:15:37.873", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use after free in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "chrome-cve-admin@google.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/405140652", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-30xx/CVE-2025-3067.json b/CVE-2025/CVE-2025-30xx/CVE-2025-3067.json new file mode 100644 index 00000000000..0b7a16d332f --- /dev/null +++ b/CVE-2025/CVE-2025-30xx/CVE-2025-3067.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-3067", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2025-04-02T01:15:38.010", + "lastModified": "2025-04-02T01:15:38.010", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/376491759", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-30xx/CVE-2025-3068.json b/CVE-2025/CVE-2025-30xx/CVE-2025-3068.json new file mode 100644 index 00000000000..73a7885176e --- /dev/null +++ b/CVE-2025/CVE-2025-30xx/CVE-2025-3068.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-3068", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2025-04-02T01:15:38.093", + "lastModified": "2025-04-02T01:15:38.093", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/401823929", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-30xx/CVE-2025-3069.json b/CVE-2025/CVE-2025-30xx/CVE-2025-3069.json new file mode 100644 index 00000000000..a9b898c79b5 --- /dev/null +++ b/CVE-2025/CVE-2025-30xx/CVE-2025-3069.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-3069", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2025-04-02T01:15:38.187", + "lastModified": "2025-04-02T01:15:38.187", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/40060076", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-30xx/CVE-2025-3070.json b/CVE-2025/CVE-2025-30xx/CVE-2025-3070.json new file mode 100644 index 00000000000..f8e415dc59d --- /dev/null +++ b/CVE-2025/CVE-2025-30xx/CVE-2025-3070.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-3070", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2025-04-02T01:15:38.283", + "lastModified": "2025-04-02T01:15:38.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "chrome-cve-admin@google.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/40086360", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-30xx/CVE-2025-3071.json b/CVE-2025/CVE-2025-30xx/CVE-2025-3071.json new file mode 100644 index 00000000000..f6c70d5257c --- /dev/null +++ b/CVE-2025/CVE-2025-30xx/CVE-2025-3071.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-3071", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2025-04-02T01:15:38.413", + "lastModified": "2025-04-02T01:15:38.413", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/40051596", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-30xx/CVE-2025-3072.json b/CVE-2025/CVE-2025-30xx/CVE-2025-3072.json new file mode 100644 index 00000000000..8a376b5ca78 --- /dev/null +++ b/CVE-2025/CVE-2025-30xx/CVE-2025-3072.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-3072", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2025-04-02T01:15:38.503", + "lastModified": "2025-04-02T01:15:38.503", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/362545037", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-30xx/CVE-2025-3073.json b/CVE-2025/CVE-2025-30xx/CVE-2025-3073.json new file mode 100644 index 00000000000..cc51bd66074 --- /dev/null +++ b/CVE-2025/CVE-2025-30xx/CVE-2025-3073.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-3073", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2025-04-02T01:15:38.600", + "lastModified": "2025-04-02T01:15:38.600", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/388680893", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-30xx/CVE-2025-3074.json b/CVE-2025/CVE-2025-30xx/CVE-2025-3074.json new file mode 100644 index 00000000000..fd984c75fab --- /dev/null +++ b/CVE-2025/CVE-2025-30xx/CVE-2025-3074.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-3074", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2025-04-02T01:15:38.690", + "lastModified": "2025-04-02T01:15:38.690", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/392818696", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 0e2716ff333..976ba99c100 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-01T23:55:19.839239+00:00 +2025-04-02T02:00:19.991871+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-01T22:15:21.437000+00:00 +2025-04-02T01:15:38.690000+00:00 ``` ### Last Data Feed Release @@ -27,29 +27,40 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2025-04-01T00:00:04.510351+00:00 +2025-04-02T00:00:04.382238+00:00 ``` ### Total Number of included CVEs ```plain -288157 +288171 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `14` -- [CVE-2023-46988](CVE-2023/CVE-2023-469xx/CVE-2023-46988.json) (`2025-04-01T22:15:20.023`) -- [CVE-2025-30356](CVE-2025/CVE-2025-303xx/CVE-2025-30356.json) (`2025-04-01T22:15:21.297`) -- [CVE-2025-31135](CVE-2025/CVE-2025-311xx/CVE-2025-31135.json) (`2025-04-01T22:15:21.437`) +- [CVE-2025-27692](CVE-2025/CVE-2025-276xx/CVE-2025-27692.json) (`2025-04-02T01:15:37.117`) +- [CVE-2025-27693](CVE-2025/CVE-2025-276xx/CVE-2025-27693.json) (`2025-04-02T01:15:37.283`) +- [CVE-2025-27694](CVE-2025/CVE-2025-276xx/CVE-2025-27694.json) (`2025-04-02T01:15:37.430`) +- [CVE-2025-29981](CVE-2025/CVE-2025-299xx/CVE-2025-29981.json) (`2025-04-02T01:15:37.577`) +- [CVE-2025-29982](CVE-2025/CVE-2025-299xx/CVE-2025-29982.json) (`2025-04-02T01:15:37.723`) +- [CVE-2025-3066](CVE-2025/CVE-2025-30xx/CVE-2025-3066.json) (`2025-04-02T01:15:37.873`) +- [CVE-2025-3067](CVE-2025/CVE-2025-30xx/CVE-2025-3067.json) (`2025-04-02T01:15:38.010`) +- [CVE-2025-3068](CVE-2025/CVE-2025-30xx/CVE-2025-3068.json) (`2025-04-02T01:15:38.093`) +- [CVE-2025-3069](CVE-2025/CVE-2025-30xx/CVE-2025-3069.json) (`2025-04-02T01:15:38.187`) +- [CVE-2025-3070](CVE-2025/CVE-2025-30xx/CVE-2025-3070.json) (`2025-04-02T01:15:38.283`) +- [CVE-2025-3071](CVE-2025/CVE-2025-30xx/CVE-2025-3071.json) (`2025-04-02T01:15:38.413`) +- [CVE-2025-3072](CVE-2025/CVE-2025-30xx/CVE-2025-3072.json) (`2025-04-02T01:15:38.503`) +- [CVE-2025-3073](CVE-2025/CVE-2025-30xx/CVE-2025-3073.json) (`2025-04-02T01:15:38.600`) +- [CVE-2025-3074](CVE-2025/CVE-2025-30xx/CVE-2025-3074.json) (`2025-04-02T01:15:38.690`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -- [CVE-2024-20439](CVE-2024/CVE-2024-204xx/CVE-2024-20439.json) (`2025-04-01T22:15:20.950`) +- [CVE-2025-24813](CVE-2025/CVE-2025-248xx/CVE-2025-24813.json) (`2025-04-02T01:00:02.367`) ## Download and Usage diff --git a/_state.csv b/_state.csv index bc9e91c61df..ceac1dbd9d4 100644 --- a/_state.csv +++ b/_state.csv @@ -237127,7 +237127,7 @@ CVE-2023-4698,0,0,9dfe8d865c6a7f1aa233e49914d858db0f5052b28d0060d7fc9a19845c64ca CVE-2023-46980,0,0,dacb1018c155a0147f0608fc0394f59dd8f2f2f0512e453c092745a2746dd14f,2024-11-21T08:29:35.433000 CVE-2023-46981,0,0,026350644202b54d0cca0c15982b2b92ecf956938336a88c9fa0604ee3f1ed5f,2024-11-21T08:29:35.663000 CVE-2023-46987,0,0,229a1f390d396188d389c42c1c5da39c22ec617d23e459a8ad14ed7bcc5123c4,2024-11-21T08:29:35.810000 -CVE-2023-46988,1,1,802d8d0c9b3e42ea4c79902173df4cb5e36cd1bbd92fb617d81a0b4ce5a0358d,2025-04-01T22:15:20.023000 +CVE-2023-46988,0,0,802d8d0c9b3e42ea4c79902173df4cb5e36cd1bbd92fb617d81a0b4ce5a0358d,2025-04-01T22:15:20.023000 CVE-2023-46989,0,0,45791d629ccc30ec38a0335dae48670585df4009011aeab0a1590f09dc4ec070,2024-11-21T08:29:35.957000 CVE-2023-4699,0,0,65e91627f3db2e81b2cf04839985e20c3b1b4c4eb2f486d5e0771b5eef9626df,2025-03-17T16:15:18.850000 CVE-2023-46990,0,0,160645d54c54d888c229c9d1c24711089a9818f72a67e4f52929e8b3e327db4e,2024-11-21T08:29:36.120000 @@ -249286,7 +249286,7 @@ CVE-2024-20435,0,0,8b646979c41ec7de58575637102a01e3e1888da1726e49b926d55997d46bb CVE-2024-20436,0,0,43b99a83735a1deef14d37878c34b3245659a80bba53d63455a76bb0d3703908,2024-10-08T21:00:00.670000 CVE-2024-20437,0,0,59d31400139cd4b295151b81e477c1e2539a52b4a6692c93f661bf74a9c22902,2024-10-24T19:45:01.540000 CVE-2024-20438,0,0,801db4a130c9994307cf5f0ae95dd4b599dd796092b52e8fa69dcf687e3ec077,2024-10-08T13:54:46.450000 -CVE-2024-20439,0,1,4fbf2ad41b4df9ac936f478a3b236238d9976e9129c140035ade1bfc7daf6dad,2025-04-01T22:15:20.950000 +CVE-2024-20439,0,0,4fbf2ad41b4df9ac936f478a3b236238d9976e9129c140035ade1bfc7daf6dad,2025-04-01T22:15:20.950000 CVE-2024-2044,0,0,c3dd5aa5d2203eb1541a9242e72737c95ff6504f7ed93370ec0cf404c8320024,2025-02-13T18:17:51.447000 CVE-2024-20440,0,0,d1af3249c51bd7f941a39610d3a4681288a908bc2312c18dc00dbcffe30b3365,2024-09-19T13:42:41.017000 CVE-2024-20441,0,0,cfa61712a3c29cf86bd6533f2ff41455184f1538f6f64c55699096835398fd6d,2024-10-08T13:45:07.300000 @@ -285430,7 +285430,7 @@ CVE-2025-2481,0,0,c2c28d972678d70cba9bebdec9ea93fe1d44de9c5f8caa95f7b1a4769c38aa CVE-2025-24810,0,0,5dc96a04891b646d8f099d1fa627e0a60065bb9f47866c74211a0f5415867e23,2025-01-28T05:15:11.413000 CVE-2025-24811,0,0,2da7e99907675b0c3b84fff601eb43c4c4c27c662d95c7205901bce5bb8705d8,2025-02-11T11:15:16.907000 CVE-2025-24812,0,0,3542fd62679fcd1754aabe0f38d924c5bd34578dfc13aa46aeaa150dd810a16a,2025-02-11T11:15:17.080000 -CVE-2025-24813,0,0,1777555b5f20b0b5c1b8ea6c8ca1fe36c2e1ab9bec5d1dab12bfafa80c48bb19,2025-03-21T18:15:34.600000 +CVE-2025-24813,0,1,f7331bb40ec2dcc0353aeab62186a5c231864e3c581b537158dc3c468fdabb44,2025-04-02T01:00:02.367000 CVE-2025-24814,0,0,778c51f4f444afc315901ebeb1d1515ad066d9ae9182f0d62b926c00ff924803,2025-02-15T01:15:11.157000 CVE-2025-2482,0,0,be7a8d723327735044c6ecc1944caac7a739318f0bdbfa562a15b7f5a44fe782,2025-03-22T07:15:25.307000 CVE-2025-24826,0,0,afc4a3c6aa0e8288830e8c91cc81c25b8636a1b49a80120ea49c59c3d903f3ac,2025-01-28T21:15:18.817000 @@ -286846,6 +286846,9 @@ CVE-2025-27683,0,0,7e20c72afe8c88bc84d73e31c2ba29fb18f4a737228bf1bf47c1090223f9e CVE-2025-27684,0,0,240682932b2a460f603a664c7d08c6697d3ad68db39d84d7af33037bb7ea91b8,2025-04-01T20:45:03.630000 CVE-2025-27685,0,0,f1cd2113ab987f8aa8854222629b62161d79f2c62b06433ec39fa30503650db2,2025-04-01T20:44:56.343000 CVE-2025-27688,0,0,37bfd097838352d3a2c81f7e24a7a0eef1d098aec6c34d136894861caf071b8f,2025-03-18T16:15:27.980000 +CVE-2025-27692,1,1,9ca37d99405705bc3811a9ef260a33dffb32c6a5759c2fd82f54af204311ff49,2025-04-02T01:15:37.117000 +CVE-2025-27693,1,1,0eef02cc0236343b6aa16a2eb59cdb732e91f389e90fb92a5fef21e8140d0fc7,2025-04-02T01:15:37.283000 +CVE-2025-27694,1,1,c891683dcfd971294e72cdfba4f5a33a48aecbde78c1324919a1d3fd57042b60,2025-04-02T01:15:37.430000 CVE-2025-27704,0,0,86d6df9596e1ab01bb839e39075597fb6abcd0e8a7145e06c224ef11d5c72693,2025-03-19T19:15:47.390000 CVE-2025-27705,0,0,c5ff1aec7cfc8542770275a002f6e0d41571adb88f3dd40ea1ae12b57d47c3ea,2025-03-19T20:15:19.727000 CVE-2025-27715,0,0,3945a29c5f5d17f328e68afe21b406dfe2951d48ca4e13bc184b7c24d7c6efed,2025-03-27T15:01:03.360000 @@ -287261,6 +287264,8 @@ CVE-2025-2996,0,0,7bbdd53b483fc5fbc9f485fbcd7ea4957b8c349b8017466a9f0d8bb20d8814 CVE-2025-2997,0,0,bc69099f8d7511956f428361eaf24eeb839dd67cac5eb37cbb44b2b22459dbf9,2025-04-01T20:26:30.593000 CVE-2025-2998,0,0,827aa23e1866da63b394bb2878f39c7208b378e6225cdb1e91f5f1852d0e36c0,2025-04-01T20:26:30.593000 CVE-2025-29980,0,0,02b1f4fe8cc2958b2decdcfb4a2e99acadf56a3773103d9215c6253bff189364,2025-03-20T20:15:33.233000 +CVE-2025-29981,1,1,09c28e3ee545109db38128e7f5d516fe3a6a99af856d0f50210b74debfea6398,2025-04-02T01:15:37.577000 +CVE-2025-29982,1,1,443f279ec3e8f8ec74d9581c45f6c19a36b2a204d80517adb9c5466221fe93dc,2025-04-02T01:15:37.723000 CVE-2025-2999,0,0,81444588dd7906e6c8cac51c6c8e57e7e231b44db369bc45695ecb3a2d560ed4,2025-04-01T20:26:22.890000 CVE-2025-29993,0,0,5a3aa3d216416e2fe2b892d0a3793dacda985a3191a3f3e25b8b0846fab45986,2025-03-27T16:45:27.850000 CVE-2025-29994,0,0,8b1d4c4db8a5bb026ac4bf9b653f3b25d05b3b75f8c87e310d6dd90fa8b8e6c7,2025-03-13T12:15:13.660000 @@ -287393,7 +287398,7 @@ CVE-2025-30352,0,0,2de13b7ea6496a9753fe04c1b9f1d1f6040e23740e41cd04836f25b10e4f3 CVE-2025-30353,0,0,8e65a7ad0acf611c52613ace8bbc6a0d71be7f9b2d98fcdd8dc95fe923800548,2025-03-27T16:45:27.850000 CVE-2025-30354,0,0,5dfd79e839963dacd533ae1d1045edbad165ae9e4f05b41666c121d409d7b22d,2025-04-01T20:26:11.547000 CVE-2025-30355,0,0,c181bb9f03178ada7f8864d95d9a7bf782ab89dac6c391740fa45089c2c71179,2025-03-27T16:45:27.850000 -CVE-2025-30356,1,1,4e2c8f1702b034f0ec44cd60888c6cfb635d04d1ae8401edcf97484e33555318,2025-04-01T22:15:21.297000 +CVE-2025-30356,0,0,4e2c8f1702b034f0ec44cd60888c6cfb635d04d1ae8401edcf97484e33555318,2025-04-01T22:15:21.297000 CVE-2025-30358,0,0,1336bf68dc77795212b15e968253b9b288e4ef6b51817854b1199a3a91700753,2025-03-27T16:45:12.210000 CVE-2025-3036,0,0,9b0cf009578125197aa4aec620a4f3c05203c71ea759e4feb8ce4148704a9ff5,2025-04-01T20:26:22.890000 CVE-2025-30361,0,0,2a99a8777446b2a7100805cd3ee21a3444f465410c503a48207dd0edeacecf45,2025-03-28T18:11:40.180000 @@ -287562,9 +287567,18 @@ CVE-2025-30620,0,0,c08b515269c7c0e04b1b49f9e6c2ffe9756d4e917a1b7d90dc4cbb8598369 CVE-2025-30621,0,0,8c6a6eedc9f943375208fa96aeb0d151078d5fa54598208cfb233511cfe9bf71,2025-03-27T16:44:44.143000 CVE-2025-30622,0,0,797c397d49f77f00a276d4088c4e3466e59efa0b6ce4fa17d94546d3a32ca074,2025-04-01T20:26:11.547000 CVE-2025-30623,0,0,a8e0620fa0eff69e53f34c91bac6562d90d04f91188fb9d1c9bfa47d4c96dabd,2025-03-27T16:44:44.143000 +CVE-2025-3066,1,1,2dc9237ed16bea3a669d44eb9c63d5f5d3da5f52c8da53369eb787262bef2b6b,2025-04-02T01:15:37.873000 +CVE-2025-3067,1,1,a1cd7ecee7808b7e6eeee70125e8546a5e4ee2d55893fb24b796ccabf8cba6d9,2025-04-02T01:15:38.010000 CVE-2025-30672,0,0,3ded266990ba9009f55577f3f5d04302a5c6b8450014b92c80b83398ad23d15e,2025-04-01T20:26:11.547000 CVE-2025-30673,0,0,1cf76211fcfa10ad4c1393e8c6dafbf3bed92def83ca793b34e5eea95c528365,2025-04-01T20:26:11.547000 CVE-2025-30676,0,0,3e67eb6b5b390fd0a890a53592e5ec879a5cd04f0023bc4e82423b1868db6a78,2025-04-01T20:26:11.547000 +CVE-2025-3068,1,1,091cc762d9b8a8f8a077c885a0683f5ea215e12b55d95a52c5aebce7ef6a86e4,2025-04-02T01:15:38.093000 +CVE-2025-3069,1,1,ee8ca143266eb86d15c9848d2c3360cd19f3cc71787f917dbc410fab67008eb4,2025-04-02T01:15:38.187000 +CVE-2025-3070,1,1,53c53f991861f7edd26c24e9fb702f7a6d4774d5803aca32533dfe8b8501e92e,2025-04-02T01:15:38.283000 +CVE-2025-3071,1,1,b35b5cf222bbb77b2698400bcd639e542a2b5443d1d7db5767f2873521232f46,2025-04-02T01:15:38.413000 +CVE-2025-3072,1,1,89bbf3614f5396edbb5e52d5f46ab7c379153dc4a1ae5b07a06c22c32e47481b,2025-04-02T01:15:38.503000 +CVE-2025-3073,1,1,a931a3351eadab7ee300cef65f8faaccae3408f260751d9049570702898cefc4,2025-04-02T01:15:38.600000 +CVE-2025-3074,1,1,45ec19092253c1036517bac5becbff3ee7ae7f49e5c3f825354b9ed9e5c8ed43,2025-04-02T01:15:38.690000 CVE-2025-30741,0,0,a7ba724d5523a4cf0c1b38678a2ee1b0c99bfb24f80e0249782577c8771159ad,2025-03-27T16:45:46.410000 CVE-2025-30742,0,0,86ca35df94be3200dc999955b93d6c2b0d3e9fbdd347944fb57613c93c49228a,2025-03-27T16:45:46.410000 CVE-2025-30763,0,0,8cae761cd1fe343dec958c3bde26a021d7b611e1f3fb5c049ea6e8543db73e0c,2025-03-27T16:45:27.850000 @@ -287788,7 +287802,7 @@ CVE-2025-31128,0,0,52e006b38e138bd3cfa52eda23e225a5789ea16b27f326a93ad59b1b0e562 CVE-2025-31129,0,0,a6a4a9f484942a82b7b2400d9c67e69c64eabd46827eb84a0adccbba59ac10d1,2025-04-01T20:26:22.890000 CVE-2025-31131,0,0,ffe40251d16a258e4a81f59dcec18bb939bd64bb0cc9817076ba3c26ae95274a,2025-04-01T20:26:11.547000 CVE-2025-31132,0,0,eaf6e55e3fdf39265a487f499946844b88ccfa5eca63cf5dd8b8ef7debd6ca38,2025-04-01T20:26:11.547000 -CVE-2025-31135,1,1,5d9830fe721eb6879569dafe35a9908674f9d7fcb73071cd61bc77ec344b4fe5,2025-04-01T22:15:21.437000 +CVE-2025-31135,0,0,5d9830fe721eb6879569dafe35a9908674f9d7fcb73071cd61bc77ec344b4fe5,2025-04-01T22:15:21.437000 CVE-2025-31137,0,0,aa5cb365eeb8f1ccf4d4e02b2375f9788bb7b8b918887cbc536481f36524d9de,2025-04-01T20:26:01.990000 CVE-2025-31139,0,0,f77a452b5e1edddf158af71a264cde2428ac6b657f8dcbc921a40f17dadbb16d,2025-03-27T16:45:12.210000 CVE-2025-31140,0,0,b5354da0d0be6641b36fd62d7ae5da72fa26945541a5950d6dcb5ec04d83adab,2025-03-27T16:45:12.210000