diff --git a/2024/12xxx/CVE-2024-12345.json b/2024/12xxx/CVE-2024-12345.json
index 3c1ed096c33..25bf75d29b9 100644
--- a/2024/12xxx/CVE-2024-12345.json
+++ b/2024/12xxx/CVE-2024-12345.json
@@ -1,17 +1,102 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12345",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the component Daily Huddle Site. The manipulation of the argument s leads to resource consumption. It is possible to launch the attack on the local host. Other endpoints might be affected as well."
+ },
+ {
+ "lang": "deu",
+ "value": "In INW Krbyyyzo 25.2002 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /gbo.aspx der Komponente Daily Huddle Site. Durch das Manipulieren des Arguments s mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Resource Consumption",
+ "cweId": "CWE-400"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service",
+ "cweId": "CWE-404"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "INW",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Krbyyyzo",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "25.2002"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.293509",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.293509"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.293509",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.293509"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.4,
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.4,
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4.3,
+ "vectorString": "AV:L/AC:L/Au:M/C:N/I:N/A:C"
 }
 ]
 }
diff --git a/2024/55xxx/CVE-2024-55925.json b/2024/55xxx/CVE-2024-55925.json
index 4ed1dcd233f..e586a39fe53 100644
--- a/2024/55xxx/CVE-2024-55925.json
+++ b/2024/55xxx/CVE-2024-55925.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "API Security bypass through header manipulation"
+ "value": "In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints."
 }
 ]
 },
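Review bot: In the CVE-2024-12345 record, the second `problemtype_data` entry pairs `"value": "Denial of Service"` with `"cweId": "CWE-404"`, but CWE-404 is Improper Resource Shutdown or Release, so the label and the identifier disagree. Tooling that groups or filters records by the CWE text will file this one under a name the CWE list does not use for that ID; `"value": "Improper Resource Shutdown or Release"` would keep the two in step. Both `reference_data` entries point at the assigning CNA's own database, so there is no vendor advisory in the record to confirm the affected version `25.2002` against.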
diff --git a/2024/55xxx/CVE-2024-55926.json b/2024/55xxx/CVE-2024-55926.json
index 57f2d6f9bbd..d1f1535c4e9 100644
--- a/2024/55xxx/CVE-2024-55926.json
+++ b/2024/55xxx/CVE-2024-55926.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Arbitrary file upload, deletion and read through header manipulation"
+ "value": "A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data"
 }
 ]
 },
diff --git a/2024/55xxx/CVE-2024-55927.json b/2024/55xxx/CVE-2024-55927.json
index 413b63512b4..fbb9593d8fa 100644
--- a/2024/55xxx/CVE-2024-55927.json
+++ b/2024/55xxx/CVE-2024-55927.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Flawed token generation implementation & Hard-coded key implementation"
+ "value": "A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions."
 }
 ]
 },
diff --git a/2024/55xxx/CVE-2024-55928.json b/2024/55xxx/CVE-2024-55928.json
index e2414a98b7a..95abc5bf1b5 100644
--- a/2024/55xxx/CVE-2024-55928.json
+++ b/2024/55xxx/CVE-2024-55928.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Clear text secrets returned & Remote system secrets in clear text"
+ "value": "Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption"
 }
 ]
 },
diff --git a/2024/55xxx/CVE-2024-55929.json b/2024/55xxx/CVE-2024-55929.json
index 8bba8b9b51d..40280a3bf5e 100644
--- a/2024/55xxx/CVE-2024-55929.json
+++ b/2024/55xxx/CVE-2024-55929.json
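Review bot: The new CVE-2024-55926 description closes with `attackers can gain unauthorized access to data`, which covers only the read case although the preceding sentence lists arbitrary upload and deletion as well. Those are integrity and availability impacts, and triage that keys on the closing clause will under-rate the record; wording such as `attackers can read, write, or delete files on the server without authorization.` matches what the first sentence states. The CVE-2024-55927 and CVE-2024-55928 descriptions in the following hunks each fold two weaknesses into one record; whether their `problemtype` entries reflect both cannot be seen from these hunks and is worth checking.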
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Mail spoofing"
+ "value": "A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources."
 }
 ]
 },
diff --git a/2024/55xxx/CVE-2024-55930.json b/2024/55xxx/CVE-2024-55930.json
index e4d3fff4ee9..8076c98d008 100644
--- a/2024/55xxx/CVE-2024-55930.json
+++ b/2024/55xxx/CVE-2024-55930.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Weak default folder permissions"
+ "value": "Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files"
 }
 ]
 },
diff --git a/2024/55xxx/CVE-2024-55931.json b/2024/55xxx/CVE-2024-55931.json
index ee20999609d..b7dbedf7775 100644
--- a/2024/55xxx/CVE-2024-55931.json
+++ b/2024/55xxx/CVE-2024-55931.json
@@ -1,17 +1,88 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-55931",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised.\u00a0\n\nThe patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-922 Insecure Storage of Sensitive Information",
+ "cweId": "CWE-922"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xerox",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Xerox Workplace Suite",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "5.6.701.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-Workplace-Suite%C2%AE.pdf",
+ "refsource": "MISC",
+ "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-Workplace-Suite%C2%AE.pdf"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/0xxx/CVE-2025-0695.json b/2025/0xxx/CVE-2025-0695.json
index 9c41cea8844..f5af992c836 100644
--- a/2025/0xxx/CVE-2025-0695.json
+++ b/2025/0xxx/CVE-2025-0695.json
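Review bot: CVE-2024-55931 moves to `"STATE": "PUBLIC"` while `"ASSIGNER": "cve@mitre.org"` stays as an unchanged context line, whereas the other records published in this diff replace that placeholder with the CNA's address (`cna@vuldb.com`, `prodsec@nozominetworks.com`). The content and the only reference come from a Xerox bulletin, so the assigner presumably should be Xerox's CNA contact; the correct address is not visible here. Separately, `"version_affected": "<"` with `"version_value": "5.6.701.9"` reads as "fixed in 5.6.701.9", while the description says the patch will ship in a future release. One of the two needs correcting so that scanners consuming `version_data` do not mark that build as remediated.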
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-0695",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "prodsec@nozominetworks.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Allocation of Resources Without Limits or\u00a0Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-770 Allocation of Resources Without Limits or Throttling",
+ "cweId": "CWE-770"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cesanta",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Frozen",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "1.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-0695",
+ "refsource": "MISC",
+ "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-0695"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/0xxx/CVE-2025-0696.json b/2025/0xxx/CVE-2025-0696.json
index 9f1efd9cf6a..f0543c621a8 100644
--- a/2025/0xxx/CVE-2025-0696.json
+++ b/2025/0xxx/CVE-2025-0696.json
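Review bot: The CVE-2025-0695 description carries an escaped non-breaking space, `Limits or\u00a0Throttling`, so an exact-text search or detection rule for the CWE name `Allocation of Resources Without Limits or Throttling` will not match this record; the `problemtype` value in the same hunk already uses a plain space. The same escape appears in CVE-2025-0696 (`Dereference\u00a0vulnerability`) and in CVE-2024-55931 (`compromised.\u00a0\n\n`), and a plain space is the fix in each. The `credits` entry also uses `"lang": "en"` where the description and problemtype use `"lang": "eng"`, which is worth normalising for consumers that filter on the language code.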
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-0696",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "prodsec@nozominetworks.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A NULL Pointer Dereference\u00a0vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476 NULL Pointer Dereference",
+ "cweId": "CWE-476"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cesanta",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Frozen",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "1.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-0696",
+ "refsource": "MISC",
+ "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-0696"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/0xxx/CVE-2025-0734.json b/2025/0xxx/CVE-2025-0734.json
new file mode 100644
index 00000000000..70c5f22c33a
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0734.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0734",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0735.json b/2025/0xxx/CVE-2025-0735.json
new file mode 100644
index 00000000000..e5a0f49b695
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0735.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0735",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0736.json b/2025/0xxx/CVE-2025-0736.json
new file mode 100644
index 00000000000..b606328fd82
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0736.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0736",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file