From 024cde642ec2a49a502c02557795ae0a3c085fc3 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 25 Feb 2025 19:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/12xxx/CVE-2024-12368.json | 89 ++++++++++++++++++++++++++++++++--
 2025/1xxx/CVE-2025-1698.json | 18 +++++++
 2025/1xxx/CVE-2025-1699.json | 18 +++++++
 2025/1xxx/CVE-2025-1700.json | 18 +++++++
 2025/1xxx/CVE-2025-1701.json | 18 +++++++
 2025/27xxx/CVE-2025-27135.json | 68 ++++++++++++++++++++++++--
 2025/27xxx/CVE-2025-27439.json | 18 +++++++
 2025/27xxx/CVE-2025-27440.json | 18 +++++++
 2025/27xxx/CVE-2025-27441.json | 18 +++++++
 2025/27xxx/CVE-2025-27442.json | 18 +++++++
 2025/27xxx/CVE-2025-27443.json | 18 +++++++
 11 files changed, 311 insertions(+), 8 deletions(-)
 create mode 100644 2025/1xxx/CVE-2025-1698.json
 create mode 100644 2025/1xxx/CVE-2025-1699.json
 create mode 100644 2025/1xxx/CVE-2025-1700.json
 create mode 100644 2025/1xxx/CVE-2025-1701.json
 create mode 100644 2025/27xxx/CVE-2025-27439.json
 create mode 100644 2025/27xxx/CVE-2025-27440.json
 create mode 100644 2025/27xxx/CVE-2025-27441.json
 create mode 100644 2025/27xxx/CVE-2025-27442.json
 create mode 100644 2025/27xxx/CVE-2025-27443.json
diff --git a/2024/12xxx/CVE-2024-12368.json b/2024/12xxx/CVE-2024-12368.json
index e8b45ce98fe..297d3f238eb 100644
--- a/2024/12xxx/CVE-2024-12368.json
+++ b/2024/12xxx/CVE-2024-12368.json
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12368",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@odoo.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Odoo",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Odoo Community",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "15.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Odoo Enterprise",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "15.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/odoo/odoo/issues/193854",
+ "refsource": "MISC",
+ "name": "https://github.com/odoo/odoo/issues/193854"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "eng",
+ "value": "Rafael Fedler"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/1xxx/CVE-2025-1698.json b/2025/1xxx/CVE-2025-1698.json
new file mode 100644
index 00000000000..886d924c09b
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1698.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1698",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1699.json b/2025/1xxx/CVE-2025-1699.json
new file mode 100644
index 00000000000..970d76ff357
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1699.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1699",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1700.json b/2025/1xxx/CVE-2025-1700.json
new file mode 100644
index 00000000000..8e35bdbc68b
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1700.json
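Review bot: In the CVE-2024-12368.json hunk, the `impact.cvss` entry sets `"integrityImpact": "HIGH"`, but the `description` value only says an internal user can export other users' OAuth tokens, which reads as a confidentiality loss. Presumably the integrity rating reflects that an exported token lets its holder act as the token's owner; if that is the assigner's reasoning, the description should state it so that the text and the vector `C:H/I:H/A:N` agree. Consumers who triage from the description rather than the vector would otherwise underrate the record.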
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1700",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1701.json b/2025/1xxx/CVE-2025-1701.json
new file mode 100644
index 00000000000..d601251dd3c
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1701.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1701",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/27xxx/CVE-2025-27135.json b/2025/27xxx/CVE-2025-27135.json
index 470f23926fc..6bdd10d9e57 100644
--- a/2025/27xxx/CVE-2025-27135.json
+++ b/2025/27xxx/CVE-2025-27135.json
@@ -1,18 +1,78 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-27135",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "infiniflow",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ragflow",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "<= 0.15.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-3gqj-66qm-25jq",
+ "refsource": "MISC",
+ "name": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-3gqj-66qm-25jq"
+ },
+ {
+ "url": "https://github.com/infiniflow/ragflow/blob/v0.15.1/agent/component/exesql.py",
+ "refsource": "MISC",
+ "name": "https://github.com/infiniflow/ragflow/blob/v0.15.1/agent/component/exesql.py"
+ },
+ {
+ "url": "https://swizzky.notion.site/ragflow-exesql-150ca6df7c03806989cefde915cf8e42?pvs=4",
+ "refsource": "MISC",
+ "name": "https://swizzky.notion.site/ragflow-exesql-150ca6df7c03806989cefde915cf8e42?pvs=4"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-3gqj-66qm-25jq",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/27xxx/CVE-2025-27439.json b/2025/27xxx/CVE-2025-27439.json
new file mode 100644
index 00000000000..318f5e653a0
--- /dev/null
+++ b/2025/27xxx/CVE-2025-27439.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-27439",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/27xxx/CVE-2025-27440.json b/2025/27xxx/CVE-2025-27440.json
new file mode 100644
index 00000000000..dddd9a674cd
--- /dev/null
+++ b/2025/27xxx/CVE-2025-27440.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-27440",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/27xxx/CVE-2025-27441.json b/2025/27xxx/CVE-2025-27441.json
new file mode 100644
index 00000000000..4022d64a7a9
--- /dev/null
+++ b/2025/27xxx/CVE-2025-27441.json
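Review bot: In the CVE-2025-27135.json hunk, the `version_data` entry pairs `"version_affected": "="` with `"version_value": "<= 0.15.1"`, so the range operator sits inside the value string instead of the operator field. A consumer that honours `version_affected` would compare installed versions for equality with the literal `<= 0.15.1` and match nothing, leaving 0.15.1 and earlier installs unflagged. The entry should read `"version_affected": "<=",` and `"version_value": "0.15.1"`. The record also has no `impact` block, so a SQL injection that the description says has no patched version ships without a CVSS score; that is worth adding once the CNA supplies a vector.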
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-27441",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/27xxx/CVE-2025-27442.json b/2025/27xxx/CVE-2025-27442.json
new file mode 100644
index 00000000000..a9052280da7
--- /dev/null
+++ b/2025/27xxx/CVE-2025-27442.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-27442",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/27xxx/CVE-2025-27443.json b/2025/27xxx/CVE-2025-27443.json
new file mode 100644
index 00000000000..1ca11ddfec1
--- /dev/null
+++ b/2025/27xxx/CVE-2025-27443.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-27443",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file