diff --git a/2020/15xxx/CVE-2020-15187.json b/2020/15xxx/CVE-2020-15187.json
index ce64bf787d2..5b1ae909cc9 100644
--- a/2020/15xxx/CVE-2020-15187.json
+++ b/2020/15xxx/CVE-2020-15187.json
@@ -1,70 +1,28 @@
{
- "CVE_data_meta": {
- "ASSIGNER": "security-advisories@github.com",
- "ID": "CVE-2020-15187",
- "STATE": "PUBLIC",
- "TITLE": "Duplicate plugin entries in Helm"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "helm",
- "version": {
- "version_data": [
- {
- "version_value": ">= 2.0.0, < 2.16.11"
- },
- {
- "version_value": ">= 3.0.0, < 3.3.2"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "helm"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
"data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-15187",
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
+ },
"description": {
"description_data": [
{
"lang": "eng",
- "value": "In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL."
+ "value": "In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack.\nTo perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2.\nAs a possible workaround make sure to install plugins using a secure connection protocol like SSL."
}
]
},
- "impact": {
- "cvss": {
- "attackComplexity": "HIGH",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 3,
- "baseSeverity": "LOW",
- "confidentialityImpact": "NONE",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
- "version": "3.1"
- }
- },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
- "value": "{\"CWE-694\":\"Use of Multiple Resources with Duplicate Identifier\"}"
+ "value": "CWE-694: Use of Multiple Resources with Duplicate Identifier",
+ "cweId": "CWE-694"
}
]
},
@@ -72,28 +30,100 @@
"description": [
{
"lang": "eng",
- "value": "{\"CWE-74\":\"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\"}"
+ "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
+ "cweId": "CWE-74"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "helm",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "helm",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 2.0.0, < 2.16.11"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.0.0, < 3.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "name": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j",
- "refsource": "CONFIRM",
- "url": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j"
+ "url": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j",
+ "refsource": "MISC",
+ "name": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j"
},
{
- "name": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b",
+ "url": "https://github.com/helm/helm/commit/6aab63765f99050b115f0aec3d6350c85e8da946",
"refsource": "MISC",
- "url": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b"
+ "name": "https://github.com/helm/helm/commit/6aab63765f99050b115f0aec3d6350c85e8da946"
+ },
+ {
+ "url": "https://github.com/helm/helm/commit/ac7c07c37d87e09797f714fb57aa5e9cb99d9450",
+ "refsource": "MISC",
+ "name": "https://github.com/helm/helm/commit/ac7c07c37d87e09797f714fb57aa5e9cb99d9450"
+ },
+ {
+ "url": "https://github.com/helm/helm/commit/b0296c0522e837d65f944beefa3fb64fd08ac304",
+ "refsource": "MISC",
+ "name": "https://github.com/helm/helm/commit/b0296c0522e837d65f944beefa3fb64fd08ac304"
+ },
+ {
+ "url": "https://github.com/helm/helm/commit/c8d6b01d72c9604e43ee70d0d78fadd54c2d8499",
+ "refsource": "MISC",
+ "name": "https://github.com/helm/helm/commit/c8d6b01d72c9604e43ee70d0d78fadd54c2d8499"
+ },
+ {
+ "url": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b",
+ "refsource": "MISC",
+ "name": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b"
+ },
+ {
+ "url": "https://github.com/helm/helm/commit/f2ede29480b507b7d8bb152dd8b6b86248b00658",
+ "refsource": "MISC",
+ "name": "https://github.com/helm/helm/commit/f2ede29480b507b7d8bb152dd8b6b86248b00658"
}
]
},
"source": {
"advisory": "GHSA-c52f-pq47-2r9j",
"discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ ]
}
}
\ No newline at end of file
diff --git a/2025/5xxx/CVE-2025-5307.json b/2025/5xxx/CVE-2025-5307.json
index 70112653cd9..419325acc13 100644
--- a/2025/5xxx/CVE-2025-5307.json
+++ b/2025/5xxx/CVE-2025-5307.json
@@ -1,17 +1,113 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5307",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose information and to execute arbitrary code on affected installations of Sante DICOM Viewer Pro."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125 Out-of-bounds Read",
+ "cweId": "CWE-125"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Santesoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sante DICOM Viewer Pro",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "14.2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-148-01",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-148-01"
+ },
+ {
+ "url": "https://www.santesoft.com/win/sante-dicom-viewer-pro/download.html",
+ "refsource": "MISC",
+ "name": "https://www.santesoft.com/win/sante-dicom-viewer-pro/download.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "ICSMA-25-148-01",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Santesoft recommends users upgrade Sante DICOM Viewer Pro to version v14.2.2.\n\n
"
+ }
+ ],
+ "value": "Santesoft recommends users upgrade Sante DICOM Viewer Pro to version v14.2.2 https://www.santesoft.com/win/sante-dicom-viewer-pro/download.html ."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Michael Heinzl reported this vulnerability to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2025/5xxx/CVE-2025-5331.json b/2025/5xxx/CVE-2025-5331.json
index 463b2d97b9c..de5e1f634bb 100644
--- a/2025/5xxx/CVE-2025-5331.json
+++ b/2025/5xxx/CVE-2025-5331.json
@@ -1,17 +1,118 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5331",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "In PCMan FTP Server 2.0.7 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Komponente NLST Command Handler. Durch das Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Overflow",
+ "cweId": "CWE-120"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption",
+ "cweId": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PCMan",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.310504",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.310504"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.310504",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.310504"
+ },
+ {
+ "url": "https://vuldb.com/?submit.585404",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.585404"
+ },
+ {
+ "url": "https://github.com/r3ng4f/PCMan_1/blob/main/exploit02.txt",
+ "refsource": "MISC",
+ "name": "https://github.com/r3ng4f/PCMan_1/blob/main/exploit02.txt"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "r3ng4f (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}
diff --git a/2025/5xxx/CVE-2025-5332.json b/2025/5xxx/CVE-2025-5332.json
index 0639edfc016..9c6cd445fff 100644
--- a/2025/5xxx/CVE-2025-5332.json
+++ b/2025/5xxx/CVE-2025-5332.json
@@ -1,17 +1,123 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5332",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in 1000 Projects Online Notice Board 1.0 gefunden. Davon betroffen ist unbekannter Code der Datei /index.php. Durch Manipulieren des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "1000 Projects",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Online Notice Board",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.310505",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.310505"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.310505",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.310505"
+ },
+ {
+ "url": "https://vuldb.com/?submit.586566",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.586566"
+ },
+ {
+ "url": "https://github.com/ubfbuz3/cve/issues/16",
+ "refsource": "MISC",
+ "name": "https://github.com/ubfbuz3/cve/issues/16"
+ },
+ {
+ "url": "https://1000projects.org/",
+ "refsource": "MISC",
+ "name": "https://1000projects.org/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "gaolei (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}
diff --git a/2025/5xxx/CVE-2025-5341.json b/2025/5xxx/CVE-2025-5341.json
new file mode 100644
index 00000000000..12f64b5a8f0
--- /dev/null
+++ b/2025/5xxx/CVE-2025-5341.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-5341",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file