From 00ca272b6c25d2601d3e643a288bfae6b8382bea Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 14 Mar 2025 09:00:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/4xxx/CVE-2024-4259.json | 20 ++-
 2024/8xxx/CVE-2024-8176.json | 233 ++++++++++++++++++++++++++++++++-
 2025/1xxx/CVE-2025-1507.json | 76 ++++++++++-
 2025/2xxx/CVE-2025-2301.json | 18 +++
 2025/2xxx/CVE-2025-2302.json | 18 +++
 2025/30xxx/CVE-2025-30028.json | 18 +++
 2025/30xxx/CVE-2025-30029.json | 18 +++
 7 files changed, 389 insertions(+), 12 deletions(-)
 create mode 100644 2025/2xxx/CVE-2025-2301.json
 create mode 100644 2025/2xxx/CVE-2025-2302.json
 create mode 100644 2025/30xxx/CVE-2025-30028.json
 create mode 100644 2025/30xxx/CVE-2025-30029.json
diff --git a/2024/4xxx/CVE-2024-4259.json b/2024/4xxx/CVE-2024-4259.json
index 7decb4657fb..045a95c48ed 100644
--- a/2024/4xxx/CVE-2024-4259.json
+++ b/2024/4xxx/CVE-2024-4259.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper Privilege Management vulnerability in SAMPA\u015e Holding AKOS allows Collect Data as Provided by Users.This issue affects AKOS: through 20240902.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "Improper Privilege Management vulnerability in SAMPA\u015e Holding AKOS (AkosCepVatandasService), SAMPA\u015e Holding AKOS (TahsilatService) allows Collect Data as Provided by Users.This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7."
 }
 ]
 },
@@ -36,13 +36,25 @@
 "product": {
 "product_data": [
 {
- "product_name": "AKOS",
+ "product_name": "AKOS (AkosCepVatandasService)",
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
+ "version_affected": "<",
 "version_name": "0",
- "version_value": "20240902"
+ "version_value": "V2.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "AKOS (TahsilatService)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "V1.0.7"
 }
 ]
 }
diff --git a/2024/8xxx/CVE-2024-8176.json b/2024/8xxx/CVE-2024-8176.json
index 2ba70c4f3f0..fe6eeffbe89 100644
--- a/2024/8xxx/CVE-2024-8176.json
+++ b/2024/8xxx/CVE-2024-8176.json
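Review bot: The new bounds in this hunk, `"version_value": "V2.0"` and `"version_value": "V1.0.7"`, carry a `V` prefix and replace the earlier date-style bound `20240902`, so tooling that compares this field numerically or as semver may not evaluate `"version_affected": "<"` as intended. The product entry is also split and renamed to `AKOS (AkosCepVatandasService)` and `AKOS (TahsilatService)`, so inventory or alert rules keyed on the old `"product_name": "AKOS"` will presumably stop matching this record. If the assigner's scheme allows it, plain `"version_value": "2.0"` and `"version_value": "1.0.7"` would be easier to consume; otherwise consumers should normalise the prefix before comparing. The enclosing `affects` object starts and ends outside the hunk.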
@@ -1,17 +1,242 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-8176",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled Recursion",
+ "cweId": "CWE-674"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unknown"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unknown"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unknown"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat JBoss Core Services",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenShift Container Platform 4",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2024-8176",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2024-8176"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137"
+ },
+ {
+ "url": "https://github.com/libexpat/libexpat/issues/893",
+ "refsource": "MISC",
+ "name": "https://github.com/libexpat/libexpat/issues/893"
+ }
+ ]
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Jann Horn (Google Project Zero), Sandipan Roy (Red Hat), Sebastian Pipping (libexpat), and Tomas Korbar (Red Hat)."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/1xxx/CVE-2025-1507.json b/2025/1xxx/CVE-2025-1507.json
index 6561a9f9150..7630ccf866b 100644
--- a/2025/1xxx/CVE-2025-1507.json
+++ b/2025/1xxx/CVE-2025-1507.json
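Review bot: Every `version_data` entry added for the Red Hat products is `"version_value": "not down converted"` with only a `defaultStatus`, so this 4.0 record names no affected package or version range, and the repeated entries under one product (six under Red Hat Enterprise Linux 8) cannot be told apart. A consumer should treat these entries as "range unknown" rather than match on the literal string, and take package and fix data from the CVE JSON 5 form of the record or from the referenced `https://access.redhat.com/security/cve/CVE-2024-8176` page. Separately, the description allows for exploitable memory corruption, while the vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` scores availability only, so the 7.5 base score is best read as covering the denial-of-service case. The added `work_around` and `credits` blocks also use `"lang": "en"` where `description` uses `"lang": "eng"`.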
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-1507",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862 Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "sharethis",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ShareThis Dashboard for Google Analytics",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "3.2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/314b8638-15e7-461d-a705-3858fe6813e7?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/314b8638-15e7-461d-a705-3858fe6813e7?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3255511/googleanalytics/trunk/class/core/class-ga-controller-core.php",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3255511/googleanalytics/trunk/class/core/class-ga-controller-core.php"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Antonio Francesco Sardella"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2025/2xxx/CVE-2025-2301.json b/2025/2xxx/CVE-2025-2301.json
new file mode 100644
index 00000000000..b7ff26ab67f
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2301.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2301",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2302.json b/2025/2xxx/CVE-2025-2302.json
new file mode 100644
index 00000000000..73b587116dc
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2302.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2302",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/30xxx/CVE-2025-30028.json b/2025/30xxx/CVE-2025-30028.json
new file mode 100644
index 00000000000..f399cdf1a34
--- /dev/null
+++ b/2025/30xxx/CVE-2025-30028.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-30028",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/30xxx/CVE-2025-30029.json b/2025/30xxx/CVE-2025-30029.json
new file mode 100644
index 00000000000..3b68ef2459a
--- /dev/null
+++ b/2025/30xxx/CVE-2025-30029.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-30029",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file