From 131ca8cd8c153b5c2727722b763a81463e1557b4 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 6 Mar 2025 23:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/57xxx/CVE-2024-57972.json | 2 +-
 2025/27xxx/CVE-2025-27598.json | 90 ++++++++++++++++++++++++--
 2025/2xxx/CVE-2025-2044.json | 114 +++++++++++++++++++++++++++++++--
 2025/2xxx/CVE-2025-2046.json | 114 +++++++++++++++++++++++++++++++--
 2025/2xxx/CVE-2025-2047.json | 114 +++++++++++++++++++++++++++++++--
 2025/2xxx/CVE-2025-2049.json | 114 +++++++++++++++++++++++++++++++--
 2025/2xxx/CVE-2025-2079.json | 18 ++++++
 2025/2xxx/CVE-2025-2080.json | 18 ++++++
 2025/2xxx/CVE-2025-2081.json | 18 ++++++
 2025/2xxx/CVE-2025-2082.json | 18 ++++++
 10 files changed, 599 insertions(+), 21 deletions(-)
 create mode 100644 2025/2xxx/CVE-2025-2079.json
 create mode 100644 2025/2xxx/CVE-2025-2080.json
 create mode 100644 2025/2xxx/CVE-2025-2081.json
 create mode 100644 2025/2xxx/CVE-2025-2082.json
diff --git a/2024/57xxx/CVE-2024-57972.json b/2024/57xxx/CVE-2024-57972.json
index 271f3722cf8..66ebfcf7129 100644
--- a/2024/57xxx/CVE-2024-57972.json
+++ b/2024/57xxx/CVE-2024-57972.json
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the pairing request method in Microsoft HoloLens 1 and 2 - Windows Holographic 10.0.17763.3046 through 10.0.22621.1244 allows remote attackers to cause a Denial of Service via the Device Portal framework."
+ "value": "The pairing API request handler in Microsoft HoloLens 1 (Windows Holographic) through 10.0.17763.3046 and HoloLens 2 (Windows Holographic) through 10.0.22621.1244 allows remote attackers to cause a Denial of Service (resource consumption and device unusability) by sending many requests through the Device Portal framework."
 }
 ]
 }
diff --git a/2025/27xxx/CVE-2025-27598.json b/2025/27xxx/CVE-2025-27598.json
index c94b72ccc71..e9524c19974 100644
--- a/2025/27xxx/CVE-2025-27598.json
+++ b/2025/27xxx/CVE-2025-27598.json
@@ -1,17 +1,99 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-27598",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787: Out-of-bounds Write",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SixLabors",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ImageSharp",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 2.1.10"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.0.0, < 3.1.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8",
+ "refsource": "MISC",
+ "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8"
+ },
+ {
+ "url": "https://github.com/SixLabors/ImageSharp/issues/2859",
+ "refsource": "MISC",
+ "name": "https://github.com/SixLabors/ImageSharp/issues/2859"
+ },
+ {
+ "url": "https://github.com/SixLabors/ImageSharp/pull/2890",
+ "refsource": "MISC",
+ "name": "https://github.com/SixLabors/ImageSharp/pull/2890"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-2cmq-823j-5qj8",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/2xxx/CVE-2025-2044.json b/2025/2xxx/CVE-2025-2044.json
index 912e7717a1b..283d75854c8 100644
--- a/2025/2xxx/CVE-2025-2044.json
+++ b/2025/2xxx/CVE-2025-2044.json
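Review bot: Both `version_data` entries for ImageSharp carry a range expression in `version_value` while `version_affected` is `"="`, so a consumer that applies the operator literally compares installed versions against the string `< 2.1.10` and matches nothing. The first entry could be written as `"version_affected": "<"` with `"version_value": "2.1.10"`; the bounded range `>= 3.0.0, < 3.1.7` does not fit a single operator and presumably needs two entries or documented range parsing on the consumer side. Until that is settled, scanners fed from this file should treat `version_value` as a range string rather than an exact version, otherwise affected 2.x and 3.x installs are reported as clean.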
@@ -1,17 +1,123 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-2044",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_bloodGroup.php. The manipulation of the argument blood_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "In code-projects Blood Bank Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei /admin/delete_bloodGroup.php. Durch das Manipulieren des Arguments blood_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "code-projects",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Blood Bank Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.298789",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.298789"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.298789",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.298789"
+ },
+ {
+ "url": "https://vuldb.com/?submit.513653",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.513653"
+ },
+ {
+ "url": "https://github.com/intercpt/XSS1/blob/main/SQL5.md",
+ "refsource": "MISC",
+ "name": "https://github.com/intercpt/XSS1/blob/main/SQL5.md"
+ },
+ {
+ "url": "https://code-projects.org/",
+ "refsource": "MISC",
+ "name": "https://code-projects.org/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "intrcpt (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.8,
+ "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/2xxx/CVE-2025-2046.json b/2025/2xxx/CVE-2025-2046.json
index a40ead2210e..36baf24f8c5 100644
--- a/2025/2xxx/CVE-2025-2046.json
+++ b/2025/2xxx/CVE-2025-2046.json
@@ -1,17 +1,123 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-2046",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in SourceCodester Best Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/print1.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in SourceCodester Best Employee Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/print1.php. Durch die Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Best Employee Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.298796",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.298796"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.298796",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.298796"
+ },
+ {
+ "url": "https://vuldb.com/?submit.513971",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.513971"
+ },
+ {
+ "url": "https://github.com/Hefei-Coffee/cve/issues/2",
+ "refsource": "MISC",
+ "name": "https://github.com/Hefei-Coffee/cve/issues/2"
+ },
+ {
+ "url": "https://www.sourcecodester.com/",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "baiyunjian (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/2xxx/CVE-2025-2047.json b/2025/2xxx/CVE-2025-2047.json
index d63f1e8f3bf..dc5d9cea162 100644
--- a/2025/2xxx/CVE-2025-2047.json
+++ b/2025/2xxx/CVE-2025-2047.json
@@ -1,17 +1,123 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-2047",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /search.php. The manipulation of the argument search leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in PHPGurukul Art Gallery Management System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /search.php. Durch Manipulation des Arguments search mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PHPGurukul",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Art Gallery Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.298797",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.298797"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.298797",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.298797"
+ },
+ {
+ "url": "https://vuldb.com/?submit.514015",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.514015"
+ },
+ {
+ "url": "https://github.com/chenyihao-cyber/CVE/issues/3",
+ "refsource": "MISC",
+ "name": "https://github.com/chenyihao-cyber/CVE/issues/3"
+ },
+ {
+ "url": "https://phpgurukul.com/",
+ "refsource": "MISC",
+ "name": "https://phpgurukul.com/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "JackCyh (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2025/2xxx/CVE-2025-2049.json b/2025/2xxx/CVE-2025-2049.json
index ca969a5333d..535b8a69588 100644
--- a/2025/2xxx/CVE-2025-2049.json
+++ b/2025/2xxx/CVE-2025-2049.json
@@ -1,17 +1,123 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-2049",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic has been found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file AB+.php. The manipulation of the argument Bloodname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine problematische Schwachstelle in code-projects Blood Bank System 1.0 entdeckt. Es betrifft eine unbekannte Funktion der Datei AB+.php. Durch das Manipulieren des Arguments Bloodname mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "code-projects",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Blood Bank System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.298800",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.298800"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.298800",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.298800"
+ },
+ {
+ "url": "https://vuldb.com/?submit.514089",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.514089"
+ },
+ {
+ "url": "https://github.com/ABC-YOLO/cve/blob/main/xss45.md",
+ "refsource": "MISC",
+ "name": "https://github.com/ABC-YOLO/cve/blob/main/xss45.md"
+ },
+ {
+ "url": "https://code-projects.org/",
+ "refsource": "MISC",
+ "name": "https://code-projects.org/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "DMTYOLO (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2025/2xxx/CVE-2025-2079.json b/2025/2xxx/CVE-2025-2079.json
new file mode 100644
index 00000000000..e89e7ab5e99
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2079.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2079",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2080.json b/2025/2xxx/CVE-2025-2080.json
new file mode 100644
index 00000000000..ddc0bcf8ab1
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2080.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2080",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2081.json b/2025/2xxx/CVE-2025-2081.json
new file mode 100644
index 00000000000..19151e96a9c
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2081.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2081",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2082.json b/2025/2xxx/CVE-2025-2082.json
new file mode 100644
index 00000000000..1f060e1fc2e
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2082.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2082",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file