admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 02:32:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-17 00:00:31 +00:00
parent f4e3f86950
commit 00b7675eed
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 374 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
2025/0xxx/CVE-2025-0591.json
View File

@ -1,17 +1,127 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Attackers may be able to read sensitive information or cause an application crash by abusing this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OMRON Corporation",
"product": {
"product_data": [
{
"product_name": "FA Integrated Tool Package CX-One",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "Ver.9.83 or lower"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2025-003_en.pdf",
"refsource": "MISC",
"name": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2025-003_en.pdf"
},
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2025-003_ja.pdf",
"refsource": "MISC",
"name": "https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2025-003_ja.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "OMSR-2025-003",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OMRON recommends that customers take the following mitigation measures to minimize the risk of exploitation of these vulnerabilities.<br><br>1. Anti-virus protection Protect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection.<br><br>2. Security measures to prevent unauthorized access<br>- Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them.<br>- Implement firewalls (by shutting down unused communications ports, limiting communications hosts) and isolate them from the IT network.<br>- Use a virtual private network (VPN) for remote access to control systems and equipment.<br>- Use strong passwords and change them frequently.<br>- Install physical controls so that only authorized personnel can access control systems and equipment.<br>- Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices.<br>- Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible.<br><br>3. Data input and output protection Validation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices.<br><br>4. Data recovery Periodical data backup and maintenance to prepare for data loss.<br>"
}
],
"value": "OMRON recommends that customers take the following mitigation measures to minimize the risk of exploitation of these vulnerabilities.\n\n1. Anti-virus protection Protect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection.\n\n2. Security measures to prevent unauthorized access\n- Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them.\n- Implement firewalls (by shutting down unused communications ports, limiting communications hosts) and isolate them from the IT network.\n- Use a virtual private network (VPN) for remote access to control systems and equipment.\n- Use strong passwords and change them frequently.\n- Install physical controls so that only authorized personnel can access control systems and equipment.\n- Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices.\n- Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible.\n\n3. Data input and output protection Validation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices.\n\n4. Data recovery Periodical data backup and maintenance to prepare for data loss."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update your CX-Programmer to the countermeasure version to fix the vulnerability.<br>For information on how to obtain and update the countermeasure version of the product, please contact our sales representative or distributor. You can update CX-One to the latest versions using the installed Omron Automation Software AutoUpdate tool.<br>"
}
],
"value": "Update your CX-Programmer to the countermeasure version to fix the vulnerability.\nFor information on how to obtain and update the countermeasure version of the product, please contact our sales representative or distributor. You can update CX-One to the latest versions using the installed Omron Automation Software AutoUpdate tool."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

109
2025/1xxx/CVE-2025-1364.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1364",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical. Affected by this vulnerability is the function passPrompt of the component USB Protection Service. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In MicroWord eScan Antivirus 7.0.32 f\u00fcr Linux wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion passPrompt der Komponente USB Protection Service. Durch die Manipulation mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MicroWord",
"product": {
"product_data": [
{
"product_name": "eScan Antivirus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.32"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.295969",
"refsource": "MISC",
"name": "https://vuldb.com/?id.295969"
},
{
"url": "https://vuldb.com/?ctiid.295969",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.295969"
},
{
"url": "https://vuldb.com/?submit.496481",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.496481"
},
{
"url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md",
"refsource": "MISC",
"name": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "FPT IS Security (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

124
2025/1xxx/CVE-2025-1365.json
View File

@ -1,17 +1,133 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1365",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch to fix this issue."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in GNU elfutils 0.192 gefunden. Es geht dabei um die Funktion process_symtab der Datei readelf.c der Komponente eu-readelf. Dank der Manipulation des Arguments D/a mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 5e5c0394d82c53e97750fe7b18023e6f84157b81 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow",
"cweId": "CWE-120"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GNU",
"product": {
"product_data": [
{
"product_name": "elfutils",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.192"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.295977",
"refsource": "MISC",
"name": "https://vuldb.com/?id.295977"
},
{
"url": "https://vuldb.com/?ctiid.295977",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.295977"
},
{
"url": "https://vuldb.com/?submit.496483",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.496483"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32654",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=32654"
},
{
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=15925",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/attachment.cgi?id=15925"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32654#c2",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=32654#c2"
},
{
"url": "https://www.gnu.org/",
"refsource": "MISC",
"name": "https://www.gnu.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "rookie (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

18
2025/1xxx/CVE-2025-1383.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1383",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/1xxx/CVE-2025-1384.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1384",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}