admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 02:32:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-09 18:00:34 +00:00
parent 7c1c265675
commit 043caa65e7
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 540 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2025/30xxx/CVE-2025-30401.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment\u2019s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp."
"value": "A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment\u2019s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. We have not seen evidence of exploitation in the wild."
}
]
},
@ -58,6 +58,11 @@
"url": "https://www.facebook.com/security/advisories/cve-2025-30401",
"refsource": "MISC",
"name": "https://www.facebook.com/security/advisories/cve-2025-30401"
},
{
"url": "https://www.whatsapp.com/security/advisories/2025/",
"refsource": "MISC",
"name": "https://www.whatsapp.com/security/advisories/2025/"
}
]
}

221
2025/3xxx/CVE-2025-3114.json
View File

@ -1,18 +1,231 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3114",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@tibco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Code Execution via Malicious Files:\u00a0Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise.\n\nSandbox Bypass Vulnerability:\u00a0A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Spotfire",
"product": {
"product_data": [
{
"product_name": "Spotfire Enterprise Runtime for R",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6",
"version_value": "1.4"
}
]
}
},
{
"product_name": "Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "14",
"version_value": "0.6"
},
{
"version_affected": "=",
"version_value": "14.1.0"
},
{
"version_affected": "=",
"version_value": "14.2.0"
},
{
"version_affected": "=",
"version_value": "14.3.0"
},
{
"version_affected": "=",
"version_value": "14.4.0"
},
{
"version_affected": "=",
"version_value": "14.4.1"
}
]
}
},
{
"product_name": "Spotfire Analyst",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "14",
"version_value": "0.5"
},
{
"version_affected": "=",
"version_value": "14.1.0"
},
{
"version_affected": "=",
"version_value": "14.2.0"
},
{
"version_affected": "=",
"version_value": "14.3.0"
},
{
"version_affected": "=",
"version_value": "14.4.0"
},
{
"version_affected": "=",
"version_value": "14.4.1"
}
]
}
},
{
"product_name": "Deployment Kit used in Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "14",
"version_value": "0.6"
},
{
"version_affected": "=",
"version_value": "14.1.0"
},
{
"version_affected": "=",
"version_value": "14.2.0"
},
{
"version_affected": "=",
"version_value": "14.3.0"
},
{
"version_affected": "=",
"version_value": "14.4.0"
},
{
"version_affected": "=",
"version_value": "14.4.1"
}
]
}
},
{
"product_name": "Spotfire Desktop",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "14",
"version_value": "4.1"
}
]
}
},
{
"product_name": "Spotfire for AWS Marketplace",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "4.1",
"status": "unknown",
"version": "14",
"versionType": "Patch"
}
],
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Spotfire Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1",
"version_value": "17.6"
},
{
"version_affected": "=",
"version_value": "1.18.0"
},
{
"version_affected": "=",
"version_value": "1.19.0"
},
{
"version_affected": "=",
"version_value": "1.20.0"
},
{
"version_affected": "=",
"version_value": "1.21.0"
},
{
"version_affected": "=",
"version_value": "1.21.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484/",
"refsource": "MISC",
"name": "https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

99
2025/3xxx/CVE-2025-3131.json
View File

@ -1,18 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3131",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery.This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0 before 2.1.7, from 0.0.0 before 1.2.*."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "ECA: Event - Condition - Action",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "1.1.12"
},
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.16"
},
{
"version_affected": "<",
"version_name": "2.1.0",
"version_value": "2.1.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2025-031",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2025-031"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Juraj Nemec (poker10)"
},
{
"lang": "en",
"value": "Benji Fisher (benjifisher)"
},
{
"lang": "en",
"value": "J\u00fcrgen Haas (jurgenhaas)"
},
{
"lang": "en",
"value": "Lee Rowlands (larowlan)"
},
{
"lang": "en",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"value": "Juraj Nemec (poker10)"
}
]
}

85
2025/3xxx/CVE-2025-3474.json
View File

@ -1,18 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3474",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panels: from 0.0.0 before 4.9.0."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Panels",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "4.9.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2025-033",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2025-033"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Manuel Ad\u00e1n (manuel.adan)"
},
{
"lang": "en",
"value": "Jakob P (japerry)"
},
{
"lang": "en",
"value": "Manuel Ad\u00e1n (manuel.adan)"
},
{
"lang": "en",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"value": "Drew Webber (mcdruid)"
}
]
}

94
2025/3xxx/CVE-2025-3475.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3475",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing.This issue affects WEB-T: from 0.0.0 before 1.1.0."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "WEB-T",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2025-030",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2025-030"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jan Kellermann (jan kellermann)"
},
{
"lang": "en",
"value": "dragels"
},
{
"lang": "en",
"value": "Jan Kellermann (jan kellermann)"
},
{
"lang": "en",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"value": "Juraj Nemec (poker10)"
}
]
}

18
2025/3xxx/CVE-2025-3476.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3476",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/3xxx/CVE-2025-3477.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3477",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/3xxx/CVE-2025-3478.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3478",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}