admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 14:08:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-29 23:00:39 +00:00
parent 1e7015d20e
commit 130acfe6fa
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 421 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2020/15xxx/CVE-2020-15187.json
View File

@ -1,14 +1,47 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15187",
"STATE": "PUBLIC",
"TITLE": "Duplicate plugin entries in Helm"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack.\nTo perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2.\nAs a possible workaround make sure to install plugins using a secure connection protocol like SSL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-694: Use of Multiple Resources with Duplicate Identifier",
"cweId": "CWE-694"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "helm",
"product": {
"product_data": [
{
@ -16,34 +49,68 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.0.0, < 2.16.11"
},
{
"version_affected": "=",
"version_value": ">= 3.0.0, < 3.3.2"
}
]
}
}
]
},
"vendor_name": "helm"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL."
"url": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j",
"refsource": "MISC",
"name": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j"
},
{
"url": "https://github.com/helm/helm/commit/6aab63765f99050b115f0aec3d6350c85e8da946",
"refsource": "MISC",
"name": "https://github.com/helm/helm/commit/6aab63765f99050b115f0aec3d6350c85e8da946"
},
{
"url": "https://github.com/helm/helm/commit/ac7c07c37d87e09797f714fb57aa5e9cb99d9450",
"refsource": "MISC",
"name": "https://github.com/helm/helm/commit/ac7c07c37d87e09797f714fb57aa5e9cb99d9450"
},
{
"url": "https://github.com/helm/helm/commit/b0296c0522e837d65f944beefa3fb64fd08ac304",
"refsource": "MISC",
"name": "https://github.com/helm/helm/commit/b0296c0522e837d65f944beefa3fb64fd08ac304"
},
{
"url": "https://github.com/helm/helm/commit/c8d6b01d72c9604e43ee70d0d78fadd54c2d8499",
"refsource": "MISC",
"name": "https://github.com/helm/helm/commit/c8d6b01d72c9604e43ee70d0d78fadd54c2d8499"
},
{
"url": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b",
"refsource": "MISC",
"name": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b"
},
{
"url": "https://github.com/helm/helm/commit/f2ede29480b507b7d8bb152dd8b6b86248b00658",
"refsource": "MISC",
"name": "https://github.com/helm/helm/commit/f2ede29480b507b7d8bb152dd8b6b86248b00658"
}
]
},
"source": {
"advisory": "GHSA-c52f-pq47-2r9j",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
@ -57,43 +124,6 @@
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-694\":\"Use of Multiple Resources with Duplicate Identifier\"}"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-74\":\"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j",
"refsource": "CONFIRM",
"url": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j"
},
{
"name": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b",
"refsource": "MISC",
"url": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b"
}
]
},
"source": {
"advisory": "GHSA-c52f-pq47-2r9j",
"discovery": "UNKNOWN"
}
}

104
2025/5xxx/CVE-2025-5307.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5307",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose information and to execute arbitrary code on affected installations of Sante DICOM Viewer Pro."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Santesoft",
"product": {
"product_data": [
{
"product_name": "Sante DICOM Viewer Pro",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "14.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-148-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-148-01"
},
{
"url": "https://www.santesoft.com/win/sante-dicom-viewer-pro/download.html",
"refsource": "MISC",
"name": "https://www.santesoft.com/win/sante-dicom-viewer-pro/download.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSMA-25-148-01",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Santesoft recommends users upgrade Sante DICOM Viewer Pro to version </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.santesoft.com/win/sante-dicom-viewer-pro/download.html\">v14.2.2</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "Santesoft recommends users upgrade Sante DICOM Viewer Pro to version v14.2.2 https://www.santesoft.com/win/sante-dicom-viewer-pro/download.html ."
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported this vulnerability to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

109
2025/5xxx/CVE-2025-5331.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5331",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In PCMan FTP Server 2.0.7 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Komponente NLST Command Handler. Durch das Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow",
"cweId": "CWE-120"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PCMan",
"product": {
"product_data": [
{
"product_name": "FTP Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.310504",
"refsource": "MISC",
"name": "https://vuldb.com/?id.310504"
},
{
"url": "https://vuldb.com/?ctiid.310504",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.310504"
},
{
"url": "https://vuldb.com/?submit.585404",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.585404"
},
{
"url": "https://github.com/r3ng4f/PCMan_1/blob/main/exploit02.txt",
"refsource": "MISC",
"name": "https://github.com/r3ng4f/PCMan_1/blob/main/exploit02.txt"
}
]
},
"credits": [
{
"lang": "en",
"value": "r3ng4f (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

114
2025/5xxx/CVE-2025-5332.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5332",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in 1000 Projects Online Notice Board 1.0 gefunden. Davon betroffen ist unbekannter Code der Datei /index.php. Durch Manipulieren des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "1000 Projects",
"product": {
"product_data": [
{
"product_name": "Online Notice Board",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.310505",
"refsource": "MISC",
"name": "https://vuldb.com/?id.310505"
},
{
"url": "https://vuldb.com/?ctiid.310505",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.310505"
},
{
"url": "https://vuldb.com/?submit.586566",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.586566"
},
{
"url": "https://github.com/ubfbuz3/cve/issues/16",
"refsource": "MISC",
"name": "https://github.com/ubfbuz3/cve/issues/16"
},
{
"url": "https://1000projects.org/",
"refsource": "MISC",
"name": "https://1000projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "gaolei (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

18
2025/5xxx/CVE-2025-5341.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5341",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}