From 0a1bf17ffe178f3f20bac66e18f955a9b95aef33 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 15 Apr 2025 04:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2025/29xxx/CVE-2025-29983.json | 98 +++++++++++++++++++++++++++--
 2025/29xxx/CVE-2025-29984.json | 98 +++++++++++++++++++++++++++--
 2025/3xxx/CVE-2025-3612.json | 109 +++++++++++++++++++++++++++++++--
 2025/3xxx/CVE-2025-3613.json | 109 +++++++++++++++++++++++++++++++--
 4 files changed, 398 insertions(+), 16 deletions(-)
diff --git a/2025/29xxx/CVE-2025-29983.json b/2025/29xxx/CVE-2025-29983.json
index a1926e522b5..045abd16521 100644
--- a/2025/29xxx/CVE-2025-29983.json
+++ b/2025/29xxx/CVE-2025-29983.json
@@ -1,17 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-29983",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@dell.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')",
+ "cweId": "CWE-59"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Dell Trusted Device Client",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "N/A",
+ "version_value": "7.0.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000299528/dsa-2025-151",
+ "refsource": "MISC",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000299528/dsa-2025-151"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Save data only to a known safe path or the default path.
"
+ }
+ ],
+ "value": "Save data only to a known safe path or the default path."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dell Technologies would like to thank falconCorrup for reporting these issues."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29984.json b/2025/29xxx/CVE-2025-29984.json
index e6e0a0796a6..6a7dcfd8d5d 100644
--- a/2025/29xxx/CVE-2025-29984.json
+++ b/2025/29xxx/CVE-2025-29984.json
@@ -1,17 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-29984",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@dell.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284: Improper Access Control",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Dell Trusted Device Client",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "N/A",
+ "version_value": "7.0.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000299528/dsa-2025-151",
+ "refsource": "MISC",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000299528/dsa-2025-151"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Install only to the default installation path.
"
+ }
+ ],
+ "value": "Install only to the default installation path."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dell Technologies would like to thank falconCorrup for reporting these issues."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3612.json b/2025/3xxx/CVE-2025-3612.json
index bd5d19c17ea..8e92e27cf47 100644
--- a/2025/3xxx/CVE-2025-3612.json
+++ b/2025/3xxx/CVE-2025-3612.json
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3612",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as problematic, was found in Demtec Graphytics 5.0.7. This affects an unknown part of the file /visualization of the component HTTP GET Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine problematische Schwachstelle in Demtec Graphytics 5.0.7 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /visualization der Komponente HTTP GET Parameter Handler. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Demtec",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Graphytics",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.304671",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.304671"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.304671",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.304671"
+ },
+ {
+ "url": "https://vuldb.com/?submit.551123",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.551123"
+ },
+ {
+ "url": "https://github.com/HexC0d3/graphlytic-xss-exploits/blob/main/reflected_xss.md",
+ "refsource": "MISC",
+ "name": "https://github.com/HexC0d3/graphlytic-xss-exploits/blob/main/reflected_xss.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "0xc0de (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5,
+ "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3613.json b/2025/3xxx/CVE-2025-3613.json
index d3417e52b0a..ac2dde08f55 100644
--- a/2025/3xxx/CVE-2025-3613.json
+++ b/2025/3xxx/CVE-2025-3613.json
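Review bot: `product_name` in CVE-2025-3612.json is `Graphytics`, and both description strings repeat that spelling, yet the referenced repository is named `graphlytic-xss-exploits`, so the product name looks misspelled. If that is the case, `"product_name": "Graphlytic"` would keep asset-inventory and SBOM matching on product name from silently missing this record. The second `problemtype` entry, `"cweId": "CWE-94"` (Code Injection), is not backed by the description, which reports only cross site scripting on `/visualization`; tooling that ranks on `cweId` would treat this as server-side code injection, so the entry is better dropped or justified in the text. The CVE-2025-3613.json hunk carries the same product name and the same CWE-94 entry.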
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3613",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been found in Demtec Graphytics 5.0.7 and classified as problematic. This vulnerability affects unknown code of the file /visualization. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "In Demtec Graphytics 5.0.7 wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /visualization. Mittels dem Manipulieren des Arguments description mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Demtec",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Graphytics",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.304672",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.304672"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.304672",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.304672"
+ },
+ {
+ "url": "https://vuldb.com/?submit.551172",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.551172"
+ },
+ {
+ "url": "https://github.com/HexC0d3/graphlytic-xss-exploits/blob/main/stored_xss.md",
+ "refsource": "MISC",
+ "name": "https://github.com/HexC0d3/graphlytic-xss-exploits/blob/main/stored_xss.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "addy_pwn (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
 }
 ]
 }