From 01627a073aefc14bb9f9ad52b3f58d76f1fe6d13 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 19 Mar 2025 17:00:37 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/53xxx/CVE-2024-53967.json | 103 ++++++++++++++++++++++++++--
 2024/53xxx/CVE-2024-53968.json | 103 ++++++++++++++++++++++++++--
 2024/53xxx/CVE-2024-53969.json | 103 ++++++++++++++++++++++++++--
 2024/53xxx/CVE-2024-53970.json | 103 ++++++++++++++++++++++++++--
 2025/0xxx/CVE-2025-0431.json | 118 +++++++++++++++++++++++++++++++--
 2025/24xxx/CVE-2025-24489.json | 18 +++++
 2025/27xxx/CVE-2025-27714.json | 18 +++++
 2025/27xxx/CVE-2025-27721.json | 18 +++++
 2025/29xxx/CVE-2025-29118.json | 56 ++++++++++++++--
 2025/30xxx/CVE-2025-30153.json | 96 +++++++++++++++++++++++++--
 2025/30xxx/CVE-2025-30244.json | 18 +++++
 2025/30xxx/CVE-2025-30245.json | 18 +++++
 2025/30xxx/CVE-2025-30246.json | 18 +++++
 2025/30xxx/CVE-2025-30247.json | 18 +++++
 2025/30xxx/CVE-2025-30248.json | 18 +++++
 2025/30xxx/CVE-2025-30249.json | 18 +++++
 2025/30xxx/CVE-2025-30250.json | 18 +++++
 2025/30xxx/CVE-2025-30251.json | 18 +++++
 2025/30xxx/CVE-2025-30252.json | 18 +++++
 2025/30xxx/CVE-2025-30253.json | 18 +++++
 20 files changed, 886 insertions(+), 30 deletions(-)
 create mode 100644 2025/24xxx/CVE-2025-24489.json
 create mode 100644 2025/27xxx/CVE-2025-27714.json
 create mode 100644 2025/27xxx/CVE-2025-27721.json
 create mode 100644 2025/30xxx/CVE-2025-30244.json
 create mode 100644 2025/30xxx/CVE-2025-30245.json
 create mode 100644 2025/30xxx/CVE-2025-30246.json
 create mode 100644 2025/30xxx/CVE-2025-30247.json
 create mode 100644 2025/30xxx/CVE-2025-30248.json
 create mode 100644 2025/30xxx/CVE-2025-30249.json
 create mode 100644 2025/30xxx/CVE-2025-30250.json
 create mode 100644 2025/30xxx/CVE-2025-30251.json
 create mode 100644 2025/30xxx/CVE-2025-30252.json
 create mode 100644 2025/30xxx/CVE-2025-30253.json
diff --git a/2024/53xxx/CVE-2024-53967.json b/2024/53xxx/CVE-2024-53967.json
index e8a7b3da2ad..a3904a5f9a9 100644
--- a/2024/53xxx/CVE-2024-53967.json
+++ b/2024/53xxx/CVE-2024-53967.json
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53967", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (DOM-based XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.21", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "CHANGED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53968.json b/2024/53xxx/CVE-2024-53968.json index c66cee49f1b..4424b519d18 100644 --- a/2024/53xxx/CVE-2024-53968.json +++ b/2024/53xxx/CVE-2024-53968.json 
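Review bot: In the `affects` block of CVE-2024-53967.json, `"version_value": "not down converted"` is a placeholder rather than a version, so a consumer that reads only the 4.0 fields gets no usable affected range for this record. The real bound (`"lessThanOrEqual": "6.5.21"`) is present only inside `x_cve_json_5_version_data`. The same placeholder appears in the CVE-2024-53968, CVE-2024-53969, CVE-2024-53970 and CVE-2025-0431 hunks. Either ingest tooling must parse the `x_cve_json_5_version_data` block, or the record should carry a down-converted pair such as `"version_affected": "<=", "version_value": "6.5.21"`.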
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53968", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (DOM-based XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.21", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "CHANGED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53969.json b/2024/53xxx/CVE-2024-53969.json index 1ad8a7f855b..bc45cd0e53a 100644 --- a/2024/53xxx/CVE-2024-53969.json +++ b/2024/53xxx/CVE-2024-53969.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53969", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (DOM-based XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.21", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "CHANGED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53970.json b/2024/53xxx/CVE-2024-53970.json index 71c71729419..516caa37a65 100644 --- a/2024/53xxx/CVE-2024-53970.json +++ b/2024/53xxx/CVE-2024-53970.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53970", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.21", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "CHANGED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0431.json b/2025/0xxx/CVE-2025-0431.json index b5b787dbc69..b7a67d1dbd6 100644 --- a/2025/0xxx/CVE-2025-0431.json +++ b/2025/0xxx/CVE-2025-0431.json 
@@ -1,17 +1,127 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0431", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@proofpoint.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-790 Improper Filtering of Special Elements", + "cweId": "CWE-790" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Proofpoint", + "product": { + "product_data": [ + { + "product_name": "Enterprise Protection", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "patch 5113", + "status": "unaffected" + } + ], + "lessThan": "patch 5113", + "status": "affected", + "version": "8.18.6", + "versionType": "semver" + }, + { + "changes": [ + { + "at": "patch 5114", + "status": "unaffected" + } + ], + "lessThan": "patch 5114", + "status": "affected", + "version": "8.20.6", + "versionType": "semver" + }, + { + "changes": [ + { + "at": "patch 5115", + "status": "unaffected" + } + ], + "lessThan": "patch 5115", + "status": "affected", + "version": 
"8.21.0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0001", + "refsource": "MISC", + "name": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/24xxx/CVE-2025-24489.json b/2025/24xxx/CVE-2025-24489.json new file mode 100644 index 00000000000..8cdea761743 --- /dev/null +++ b/2025/24xxx/CVE-2025-24489.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24489", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27714.json b/2025/27xxx/CVE-2025-27714.json new file mode 100644 index 00000000000..9bc1bd100ec --- /dev/null +++ b/2025/27xxx/CVE-2025-27714.json 
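Review bot: The three `versions` entries in CVE-2025-0431.json declare `"versionType": "semver"` but bound each range with `"lessThan": "patch 5113"` (and `patch 5114`, `patch 5115`), which is not a semantic version, so a semver comparator cannot evaluate these ranges. The ranges also start at 8.18.6, 8.20.6 and 8.21.0, while the description says all versions of 8.18, 8.20 and 8.21 before the named patches are affected; earlier point releases are therefore covered only through `"defaultStatus": "affected"`. Using `"versionType": "custom"` and a lower bound at the start of each branch would match the description more closely, subject to confirmation against the Proofpoint advisory referenced in the record.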
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27714", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27721.json b/2025/27xxx/CVE-2025-27721.json new file mode 100644 index 00000000000..d5ef82c0754 --- /dev/null +++ b/2025/27xxx/CVE-2025-27721.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27721", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/29xxx/CVE-2025-29118.json b/2025/29xxx/CVE-2025-29118.json index 7b1bacd8f60..308c1ee3db4 100644 --- a/2025/29xxx/CVE-2025-29118.json +++ b/2025/29xxx/CVE-2025-29118.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-29118", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-29118", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the function sub_47D878." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Raining-101/IOT_cve/blob/main/tenda-ac8_sub_47D878.md", + "refsource": "MISC", + "name": "https://github.com/Raining-101/IOT_cve/blob/main/tenda-ac8_sub_47D878.md" } ] } diff --git a/2025/30xxx/CVE-2025-30153.json b/2025/30xxx/CVE-2025-30153.json index d5205a03bca..7626c428986 100644 --- a/2025/30xxx/CVE-2025-30153.json +++ b/2025/30xxx/CVE-2025-30153.json 
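Review bot: In CVE-2025-29118.json the structured fields `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"`, although the description names Tenda AC8 V16.03.34.06 and a stack overflow, so product- or CWE-based matching will not surface this record. The record also has no `impact` block, which leaves no CVSS score to prioritise on. Suggest populating `"vendor_name": "Tenda"`, `"product_name": "AC8"` and `"version_value": "V16.03.34.06"` from the description, and adding a CWE for the overflow (likely CWE-121, to be confirmed by the assigner).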
@@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30153", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file (e.g., a ZIP bomb), causing the server to consume all available system memory. The root cause comes from the ZipFileBodyDecoder, which is registered automatically by the module (contrary to what the documentation says). This vulnerability is fixed in 0.131.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)", + "cweId": "CWE-409" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "getkin", + "product": { + "product_data": [ + { + "product_name": "kin-openapi", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.131.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/getkin/kin-openapi/security/advisories/GHSA-wq9g-9vfc-cfq9", + "refsource": "MISC", + "name": "https://github.com/getkin/kin-openapi/security/advisories/GHSA-wq9g-9vfc-cfq9" + }, + { + "url": "https://github.com/getkin/kin-openapi/commit/67f0b233ffc01332f7d993f79490fbea5f4455f1", + "refsource": "MISC", + "name": "https://github.com/getkin/kin-openapi/commit/67f0b233ffc01332f7d993f79490fbea5f4455f1" + }, + { + "url": "https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1275", + "refsource": "MISC", + "name": "https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1275" + }, + { + "url": "https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1523", + "refsource": "MISC", + "name": "https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1523" + }, + { + "url": "https://github.com/getkin/kin-openapi?tab=readme-ov-file#custom-content-type-for-body-of-http-requestresponse", + "refsource": "MISC", + "name": "https://github.com/getkin/kin-openapi?tab=readme-ov-file#custom-content-type-for-body-of-http-requestresponse" + } + ] + }, + "source": { + "advisory": "GHSA-wq9g-9vfc-cfq9", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": 
[ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30244.json b/2025/30xxx/CVE-2025-30244.json new file mode 100644 index 00000000000..5b55607b40e --- /dev/null +++ b/2025/30xxx/CVE-2025-30244.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30244", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30245.json b/2025/30xxx/CVE-2025-30245.json new file mode 100644 index 00000000000..a86ec00dbc4 --- /dev/null +++ b/2025/30xxx/CVE-2025-30245.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30245", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30246.json b/2025/30xxx/CVE-2025-30246.json new file mode 100644 index 00000000000..97348d5e6f3 --- /dev/null 
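Review bot: In the `version_data` entry of CVE-2025-30153.json, `"version_affected": "="` is paired with `"version_value": "< 0.131.0"`, which puts the comparison operator inside the value string. A consumer that honours `version_affected` will look for a version literally equal to "< 0.131.0" and conclude that no kin-openapi release is affected. The range should be carried by the operator instead: `"version_affected": "<", "version_value": "0.131.0"`. Until that is corrected, matching logic needs to special-case values that begin with a comparison operator.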
+++ b/2025/30xxx/CVE-2025-30246.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30246", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30247.json b/2025/30xxx/CVE-2025-30247.json new file mode 100644 index 00000000000..37e8a9e16c6 --- /dev/null +++ b/2025/30xxx/CVE-2025-30247.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30247", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30248.json b/2025/30xxx/CVE-2025-30248.json new file mode 100644 index 00000000000..cd0dab0ff72 --- /dev/null +++ b/2025/30xxx/CVE-2025-30248.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30248", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30249.json b/2025/30xxx/CVE-2025-30249.json new file mode 100644 index 00000000000..7bd5cd41df1 --- /dev/null +++ b/2025/30xxx/CVE-2025-30249.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30249", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30250.json b/2025/30xxx/CVE-2025-30250.json new file mode 100644 index 00000000000..65620c95a27 --- /dev/null +++ b/2025/30xxx/CVE-2025-30250.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30250", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/30xxx/CVE-2025-30251.json b/2025/30xxx/CVE-2025-30251.json new file mode 100644 index 00000000000..602f698331e --- /dev/null +++ b/2025/30xxx/CVE-2025-30251.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30251", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30252.json b/2025/30xxx/CVE-2025-30252.json new file mode 100644 index 00000000000..5f617f4f023 --- /dev/null +++ b/2025/30xxx/CVE-2025-30252.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30252", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30253.json b/2025/30xxx/CVE-2025-30253.json new file mode 100644 index 00000000000..8b1fe54498b --- /dev/null +++ b/2025/30xxx/CVE-2025-30253.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-30253", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file