From 0851ef705c6f17a705141c6cb209f0725446b39b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 11 Feb 2025 05:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/12xxx/CVE-2024-12599.json | 76 ++++++++++++++++++++-- 2024/22xxx/CVE-2024-22126.json | 17 +++-- 2025/1xxx/CVE-2025-1172.json | 114 +++++++++++++++++++++++++++++++-- 2025/1xxx/CVE-2025-1173.json | 114 +++++++++++++++++++++++++++++++-- 2025/1xxx/CVE-2025-1211.json | 90 ++++++++++++++++++++++++-- 2025/1xxx/CVE-2025-1217.json | 18 ++++++ 2025/1xxx/CVE-2025-1218.json | 18 ++++++ 2025/1xxx/CVE-2025-1219.json | 18 ++++++ 2025/1xxx/CVE-2025-1220.json | 18 ++++++ 9 files changed, 461 insertions(+), 22 deletions(-) create mode 100644 2025/1xxx/CVE-2025-1217.json create mode 100644 2025/1xxx/CVE-2025-1218.json create mode 100644 2025/1xxx/CVE-2025-1219.json create mode 100644 2025/1xxx/CVE-2025-1220.json diff --git a/2024/12xxx/CVE-2024-12599.json b/2024/12xxx/CVE-2024-12599.json index c40475b1770..a398464b05e 100644 --- a/2024/12xxx/CVE-2024-12599.json +++ b/2024/12xxx/CVE-2024-12599.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "devitemsllc", + "product": { + "product_data": [ + { + "product_name": "HT Mega \u2013 Absolute Addons For Elementor", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/20a67cde-612a-4c57-83d6-a5d8f3716a2d?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/20a67cde-612a-4c57-83d6-a5d8f3716a2d?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3234495/ht-mega-for-elementor", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3234495/ht-mega-for-elementor" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "D.Sim" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2024/22xxx/CVE-2024-22126.json b/2024/22xxx/CVE-2024-22126.json index defb8af5a36..4ae8f12ea45 100644 --- a/2024/22xxx/CVE-2024-22126.json +++ b/2024/22xxx/CVE-2024-22126.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes\u00a0the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.\n\n" + "value": "The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes\u00a0the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability." } ] }, @@ -63,6 +63,11 @@ "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://me.sap.com/notes/3557138", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3557138" } ] }, @@ -77,15 +82,15 @@ { "attackComplexity": "LOW", "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } ] diff --git a/2025/1xxx/CVE-2025-1172.json b/2025/1xxx/CVE-2025-1172.json index ad0108ee2e0..14c8fa1f880 100644 --- a/2025/1xxx/CVE-2025-1172.json +++ b/2025/1xxx/CVE-2025-1172.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1172", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0. Affected by this issue is some unknown functionality of the file addtocart.php. The manipulation of the argument bcid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in 1000 Projects Bookstore Management System 1.0 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei addtocart.php. Dank Manipulation des Arguments bcid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "1000 Projects", + "product": { + "product_data": [ + { + "product_name": "Bookstore Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.295076", + "refsource": "MISC", + "name": "https://vuldb.com/?id.295076" + }, + { + "url": "https://vuldb.com/?ctiid.295076", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.295076" + }, + { + "url": "https://vuldb.com/?submit.495183", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.495183" + }, + { + "url": "https://github.com/NeoVuln/CVE/issues/1", + "refsource": "MISC", + "name": "https://github.com/NeoVuln/CVE/issues/1" + }, + { + "url": "https://1000projects.org/", + "refsource": "MISC", + "name": "https://1000projects.org/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Neo-O (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/1xxx/CVE-2025-1173.json b/2025/1xxx/CVE-2025-1173.json index 799ce91afa1..4b3c0f96f24 100644 --- a/2025/1xxx/CVE-2025-1173.json +++ b/2025/1xxx/CVE-2025-1173.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1173", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file process_users_del.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in 1000 Projects Bookstore Management System 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei process_users_del.php. Mit der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "1000 Projects", + "product": { + "product_data": [ + { + "product_name": "Bookstore Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.295077", + "refsource": "MISC", + "name": "https://vuldb.com/?id.295077" + }, + { + "url": "https://vuldb.com/?ctiid.295077", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.295077" + }, + { + "url": "https://vuldb.com/?submit.495309", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.495309" + }, + { + "url": "https://github.com/NeoVuln/CVE/issues/2", + "refsource": "MISC", + "name": "https://github.com/NeoVuln/CVE/issues/2" + }, + { + "url": "https://1000projects.org/", + "refsource": "MISC", + "name": "https://1000projects.org/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Neo-O (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.7, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.8, + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2025/1xxx/CVE-2025-1211.json b/2025/1xxx/CVE-2025-1211.json index 2eba0e462d7..388a4f447f5 100644 --- a/2025/1xxx/CVE-2025-1211.json +++ b/2025/1xxx/CVE-2025-1211.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1211", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Versions of the package hackney from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/. \rThis vulnerability can be exploited when users rely on the URL function for host checking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "hackney", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0.0.0", + "version_value": "*" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.snyk.io/vuln/SNYK-HEX-HACKNEY-6516131", + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-HEX-HACKNEY-6516131" + }, + { + "url": "https://gist.github.com/snoopysecurity/996de09ec0cfd0ebdcfdda8ff515deb1", + "refsource": "MISC", + "name": "https://gist.github.com/snoopysecurity/996de09ec0cfd0ebdcfdda8ff515deb1" + }, + { + "url": "https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf", + "refsource": "MISC", + "name": "https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Sam Sanoop" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "exploitCodeMaturity": "PROOF_OF_CONCEPT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:P" } ] } diff --git a/2025/1xxx/CVE-2025-1217.json b/2025/1xxx/CVE-2025-1217.json new file mode 100644 index 00000000000..c753c1cbadc --- /dev/null +++ b/2025/1xxx/CVE-2025-1217.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1217", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1218.json b/2025/1xxx/CVE-2025-1218.json new file mode 100644 index 00000000000..c80c20f7653 --- /dev/null +++ b/2025/1xxx/CVE-2025-1218.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1218", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1219.json b/2025/1xxx/CVE-2025-1219.json new file mode 100644 index 00000000000..e31a49e7068 --- /dev/null +++ b/2025/1xxx/CVE-2025-1219.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1219", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1220.json b/2025/1xxx/CVE-2025-1220.json new file mode 100644 index 00000000000..89511d886d6 --- /dev/null +++ b/2025/1xxx/CVE-2025-1220.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1220", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file