Auto-Update: 2025-04-06T20:00:19.408971+00:00

cad-safe-bot 2025-04-06 20:03:55 +00:00
parent d23e929ca1
commit fd98c6d23b
5 changed files with 257 additions and 6 deletions


@ -0,0 +1,82 @@
{
"id": "CVE-2025-2258",
"sourceIdentifier": "emo@eclipse.org",
"published": "2025-04-06T19:15:40.197",
"lastModified": "2025-04-06T19:15:40.197",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before \nversion 6.4.3, an attacker can cause an integer underflow and a \nsubsequent denial of service by writing a very large file, by specially \ncrafted packets with Content-Length smaller than the data request size. A\n possible workaround is to disable HTTP PUT support.\n\n\n\n\nThis issue follows an uncomplete fix in CVE-2025-0728."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse-threadx/netxduo/commit/6c8e9d1c95d71bd4b313e1cc37d8f8841543b248",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-chqp-8vf8-cj25",
"source": "emo@eclipse.org"
}
]
}
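Review bot: The CVE-2025-2258 record has no `configurations` block and its only score is the CNA's `Secondary` entry under `cvssMetricV40`, which is consistent with `vulnStatus` being `Received`; the same holds for the CVE-2025-2259 and CVE-2025-2260 records added in this commit. Inventory or scanner pipelines that match on CPE, or that read only Primary or `cvssMetricV31` metrics, would not flag NetX Duo deployments from these files until NVD enrichment arrives. Until then, matching has to rest on the description text: affected versions are those before 6.4.3, and the stated workaround is to disable HTTP PUT support. CVE-2025-2259 and CVE-2025-2260 cite the same fix commit in `references`, so checking a tree for that one commit covers both.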


@ -0,0 +1,82 @@
{
"id": "CVE-2025-2259",
"sourceIdentifier": "emo@eclipse.org",
"published": "2025-04-06T19:15:41.020",
"lastModified": "2025-04-06T19:15:41.020",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before \nversion 6.4.3, an attacker can cause an integer underflow and a \nsubsequent denial of service by writing a very large file, by specially \ncrafted packets with Content-Length in one packet smaller than the data \nrequest size of the other packet. A possible workaround is to disable \nHTTP PUT support.\n\n\n\n\nThis issue follows an incomplete fix of CVE-2025-0727"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse-threadx/netxduo/commit/fb3195bbb6d0d6fe71a7a19585c008623c217f9e",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-chhp-gmxc-46rq",
"source": "emo@eclipse.org"
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2025-2260",
"sourceIdentifier": "emo@eclipse.org",
"published": "2025-04-06T19:15:41.153",
"lastModified": "2025-04-06T19:15:41.153",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before \nversion 6.4.3, an attacker can cause a denial of service by specially \ncrafted packets. The core issue is missing closing of a file in case of \nan error condition, resulting in the 404 error for each further file \nrequest. Users can work-around the issue by disabling the PUT request \nsupport.\n\n\n\n\nThis issue follows an incomplete fix of CVE-2025-0726."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-459"
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse-threadx/netxduo/commit/fb3195bbb6d0d6fe71a7a19585c008623c217f9e",
"source": "emo@eclipse.org"
},
{
"url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-f42f-6fvv-xqx3",
"source": "emo@eclipse.org"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-04-06T16:00:19.600211+00:00
2025-04-06T20:00:19.408971+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-04-06T14:15:35.690000+00:00
2025-04-06T19:15:41.153000+00:00
```
### Last Data Feed Release
@ -33,14 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
288723
288726
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `3`
- [CVE-2025-3318](CVE-2025/CVE-2025-33xx/CVE-2025-3318.json) (`2025-04-06T14:15:35.690`)
- [CVE-2025-2258](CVE-2025/CVE-2025-22xx/CVE-2025-2258.json) (`2025-04-06T19:15:40.197`)
- [CVE-2025-2259](CVE-2025/CVE-2025-22xx/CVE-2025-2259.json) (`2025-04-06T19:15:41.020`)
- [CVE-2025-2260](CVE-2025/CVE-2025-22xx/CVE-2025-2260.json) (`2025-04-06T19:15:41.153`)
### CVEs modified in the last Commit


@ -283858,6 +283858,7 @@ CVE-2025-22576,0,0,d91ec1220267346d1a0f0443983782bbf181c797facca8f491a7bfecb878d
CVE-2025-22577,0,0,de49ca44634bd4c2dcd4ed4b2c861f3aeca16b15d3e20dc646883514b316145b,2025-01-07T16:15:53.823000
CVE-2025-22578,0,0,a663c0074d74b9b4b7e504663f4236ea23bd746235c7a6cf544a9a518e4833f7,2025-01-07T16:15:53.970000
CVE-2025-22579,0,0,dec211853384da65ca43ab843ad0ef7d38624586cc8219bff72d8bb4860195e9,2025-01-07T16:15:54.130000
CVE-2025-2258,1,1,0cd74c3c079054629f3b7fe0c23cdb301c762243761a12a2db00d9a9f07c09d5,2025-04-06T19:15:40.197000
CVE-2025-22580,0,0,987481d428d626ab3a636b089b28e62611932bb1aa3674325a18a905b6d8d87d,2025-01-07T16:15:54.303000
CVE-2025-22581,0,0,f24e3c65602b83836f496886c24039cf1c8846e00c33a0a0c021007f597e352b,2025-01-07T16:15:54.467000
CVE-2025-22582,0,0,bbd386f1b2f8f011e4028e09374da7622be33dbcfbf78736ef844c0c8abee84b,2025-01-07T16:15:54.640000
@ -283868,6 +283869,7 @@ CVE-2025-22586,0,0,16804334a047b2f01340eb62615a8dd9316b9a12b35e95c16e6a136bd06b6
CVE-2025-22587,0,0,2bf5cc749481686a77b87726094a1b5a9d61f7be75b7c5b80afd006567747bd5,2025-01-15T16:15:35.097000
CVE-2025-22588,0,0,3237594a1e0f94efbc9060e1729c2d2e97f5964f4414bc5b9057647a8c2b5034,2025-01-13T14:15:12.660000
CVE-2025-22589,0,0,04766fb247e57bcb66805699f5e7d85615d427973633880479f532a655c1369c,2025-01-07T16:15:55.053000
CVE-2025-2259,1,1,68846400b8097b692c6ea924ac979253412bd794b75a493b4641799303edb2fe,2025-04-06T19:15:41.020000
CVE-2025-22590,0,0,c88e366f105099929b737c28e4e59657f86cfa9e8944fe204794560a0673da79,2025-01-07T16:15:55.200000
CVE-2025-22591,0,0,9dc7be8606e10b7ca53ae284810d2833be8121f6bd7b217f458b2b42cfb403cb,2025-01-07T16:15:55.337000
CVE-2025-22592,0,0,f03fcd01ef66d026e28f7de006f4752785662917cd91a853528350917c3e1917,2025-01-07T16:15:55.470000
@ -283878,6 +283880,7 @@ CVE-2025-22596,0,0,85a91d84b086cf2d26ea13cd9daa28bfb104cad323d8ccc40a1c8d7f329fb
CVE-2025-22597,0,0,17f31e496d6f89ce90e67d8d3354a46b69c965ce65fd32dbc48c02e3fb30a22a,2025-01-10T16:15:30.343000
CVE-2025-22598,0,0,0c44771a87717f07aa16150607f16cb1b938a538d21078934565966886608cde,2025-01-10T16:15:30.540000
CVE-2025-22599,0,0,20809292b1d6f857c32458a3cd86c68344c8e6624af18d1980e2ad05be7596b8,2025-01-10T16:15:30.737000
CVE-2025-2260,1,1,c431dfa2bc816b6bda9f95593a59e0f27ac80b299217b3c32775f06827f9e040,2025-04-06T19:15:41.153000
CVE-2025-22600,0,0,d3a9bca45ae0c92a9f59f04a8a63958720efe424d52a1aec0d078cf124c20863,2025-01-10T16:15:30.940000
CVE-2025-22601,0,0,e5a036684b4e6e1204af1b20135d30f3904e4c5af4a80eedecb01794128ea749,2025-02-04T21:15:27.800000
CVE-2025-22602,0,0,c8f7aea9374385130d2049dfea6e2ee228c262f087909008185d3a99dec96d21,2025-02-04T21:15:27.950000
@ -288721,4 +288724,4 @@ CVE-2025-3314,0,0,a32c48c2289fd3933feefe7b6a0a9bf911beb1fa21385e30072f620ea470a2
CVE-2025-3315,0,0,9776cb51c8d38710e9030f960166522adc4aae91b7ff11648399ee90f9908a2e,2025-04-06T10:15:14.840000
CVE-2025-3316,0,0,fc4d587cd5ac49c70a66a30fbc023322e933c9de67f1c943ba865d091e57d516,2025-04-06T11:15:39.240000
CVE-2025-3317,0,0,3890e20ca65cea828acb6fd8ea5595e1b7f850c03a9aa2c7b21964afa7043aae,2025-04-06T12:15:14.923000
CVE-2025-3318,1,1,d9d58a29ab53394429f6599af713452c47986a9bbb8bd453c5f2db8c0c17b0d2,2025-04-06T14:15:35.690000
CVE-2025-3318,0,0,d9d58a29ab53394429f6599af713452c47986a9bbb8bd453c5f2db8c0c17b0d2,2025-04-06T14:15:35.690000
