From 19e94f1a61743c6fac4f6fef8c99b5aada72f77b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 13 Mar 2025 14:00:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/13xxx/CVE-2024-13359.json | 4 +--
 2024/28xxx/CVE-2024-28803.json | 56 +++++++++++++++++++++++++++----
 2024/57xxx/CVE-2024-57348.json | 56 +++++++++++++++++++++++++++----
 2025/1xxx/CVE-2025-1244.json | 26 +++++++++++++++
 2025/29xxx/CVE-2025-29357.json | 56 +++++++++++++++++++++++++++----
 2025/29xxx/CVE-2025-29358.json | 56 +++++++++++++++++++++++++++----
 2025/29xxx/CVE-2025-29359.json | 56 +++++++++++++++++++++++++++----
 2025/29xxx/CVE-2025-29360.json | 56 +++++++++++++++++++++++++++----
 2025/29xxx/CVE-2025-29361.json | 56 +++++++++++++++++++++++++++----
 2025/29xxx/CVE-2025-29362.json | 56 +++++++++++++++++++++++++++----
 2025/29xxx/CVE-2025-29363.json | 56 +++++++++++++++++++++++++++----
 2025/2xxx/CVE-2025-2280.json | 61 +++++++++++++++++++++++++++++++---
 12 files changed, 535 insertions(+), 60 deletions(-)
diff --git a/2024/13xxx/CVE-2024-13359.json b/2024/13xxx/CVE-2024-13359.json
index a9e04c9c6fd..8d6e5efea75 100644
--- a/2024/13xxx/CVE-2024-13359.json
+++ b/2024/13xxx/CVE-2024-13359.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta() function in all versions up to, and including, 1.12.1. This may make it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that by default the plugin is only vulnerable to a double extension file upload attack, unless an administrators leaves the accepted file extensions field blank which can make .php file uploads possible."
+ "value": "The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta() function in all versions up to, and including, 1.12.0. This may make it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that by default the plugin is only vulnerable to a double extension file upload attack, unless an administrators leaves the accepted file extensions field blank which can make .php file uploads possible."
 }
 ]
 },
@@ -42,7 +42,7 @@
 {
 "version_affected": "<=",
 "version_name": "*",
- "version_value": "1.12.1"
+ "version_value": "1.12.0"
 }
 ]
 }
diff --git a/2024/28xxx/CVE-2024-28803.json b/2024/28xxx/CVE-2024-28803.json
index 32e5aa4099e..7d102812d80 100644
--- a/2024/28xxx/CVE-2024-28803.json
+++ b/2024/28xxx/CVE-2024-28803.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-28803",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-28803",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gruppotim.it/it/footer/red-team.html",
+ "refsource": "MISC",
+ "name": "https://www.gruppotim.it/it/footer/red-team.html"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57348.json b/2024/57xxx/CVE-2024-57348.json
index 1027504136c..83c1b90d984 100644
--- a/2024/57xxx/CVE-2024-57348.json
+++ b/2024/57xxx/CVE-2024-57348.json
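Review bot: The structured fields in the new CVE-2024-28803 record are placeholders (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"` and a `problemtype` value of `"n/a"`), while the description names Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 and a cross-site scripting flaw. Inventory or scanner matching that keys on `affects` or on a CWE will not associate this record with the product, so consumers have to fall back to the free-text `value`. The same placeholders appear in the hunks for CVE-2024-57348 and CVE-2025-29357 through CVE-2025-29363. Populating them from the description, for example `"vendor_name": "Italtel S.p.A."` and a `problemtype` value of `"CWE-79"` here, would make the records machine-matchable.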
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57348",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57348",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability in PecanProject pecan v.1.7.2 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/PecanProject/pecan/issues/3400",
+ "url": "https://github.com/PecanProject/pecan/issues/3400"
 }
 ]
 }
diff --git a/2025/1xxx/CVE-2025-1244.json b/2025/1xxx/CVE-2025-1244.json
index 111f15d028a..ae12ca0b49b 100644
--- a/2025/1xxx/CVE-2025-1244.json
+++ b/2025/1xxx/CVE-2025-1244.json
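Review bot: The new description for CVE-2024-57348 classifies the issue as Cross Site Scripting but states the impact as `execute arbitrary code`, which reads as server-side code execution and can skew severity triage. If the impact is script running in a victim's browser, as the XSS classification suggests, the value would be clearer as `allows a remote attacker to inject arbitrary web script via a crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters`. Which impact is meant cannot be told from this record alone; the referenced issue is where to confirm it.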
@@ -343,6 +343,27 @@
 ]
 }
 },
+ {
+ "product_name": "Builds for Red Hat OpenShift 1.3.1",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "sha256:73407faadc9e5a34e9baf2ff089805b49ec503972a5d02111857ea6e79780877",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat Enterprise Linux 6",
 "version": {
@@ -414,6 +435,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2025:2195"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2025:2754",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2025:2754"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2025-1244",
 "refsource": "MISC",
diff --git a/2025/29xxx/CVE-2025-29357.json b/2025/29xxx/CVE-2025-29357.json
index ec8049080fb..a296cf9eb6e 100644
--- a/2025/29xxx/CVE-2025-29357.json
+++ b/2025/29xxx/CVE-2025-29357.json
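Review bot: The added `Builds for Red Hat OpenShift 1.3.1` entry identifies the unaffected build by an image digest (`"version": "sha256:…"`) while declaring `"versionType": "rpm"` and `"lessThan": "*"`; a digest has no ordering, so a range comparison against it is not meaningful and a scanner cannot derive an affected version range from this entry. The v4 field `"version_value": "not down converted"` carries no usable version either. Consumers should match this product by exact digest, or resolve the fix through the erratum that the second hunk adds (RHSA-2025:2754, presumably the one for this build). The enclosing `product_data` array begins and ends outside the hunk.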
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29357",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29357",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_4.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_4.pdf"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29358.json b/2025/29xxx/CVE-2025-29358.json
index 3b01adbcfc2..1d81cd2ba82 100644
--- a/2025/29xxx/CVE-2025-29358.json
+++ b/2025/29xxx/CVE-2025-29358.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29358",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29358",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_2.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_2.pdf"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29359.json b/2025/29xxx/CVE-2025-29359.json
index 6a0c354e587..d458dd34ec8 100644
--- a/2025/29xxx/CVE-2025-29359.json
+++ b/2025/29xxx/CVE-2025-29359.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29359",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29359",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_6.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_6.pdf"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29360.json b/2025/29xxx/CVE-2025-29360.json
index 0b1607d74e1..303f323f438 100644
--- a/2025/29xxx/CVE-2025-29360.json
+++ b/2025/29xxx/CVE-2025-29360.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29360",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29360",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_1.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_1.pdf"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29361.json b/2025/29xxx/CVE-2025-29361.json
index 888102652c4..6819386e7d4 100644
--- a/2025/29xxx/CVE-2025-29361.json
+++ b/2025/29xxx/CVE-2025-29361.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29361",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29361",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_5.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_5.pdf"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29362.json b/2025/29xxx/CVE-2025-29362.json
index d98e672e86c..a2adfe3e19f 100644
--- a/2025/29xxx/CVE-2025-29362.json
+++ b/2025/29xxx/CVE-2025-29362.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29362",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29362",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_3.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_3.pdf"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29363.json b/2025/29xxx/CVE-2025-29363.json
index 147fbbd6473..b1bc0145d36 100644
--- a/2025/29xxx/CVE-2025-29363.json
+++ b/2025/29xxx/CVE-2025-29363.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29363",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29363",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartTime and schedEndTime parameters at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_7.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/2664521593/mycve/blob/main/Tenda/RX3/tenda_rx3_bof_7.pdf"
 }
 ]
 }
diff --git a/2025/2xxx/CVE-2025-2280.json b/2025/2xxx/CVE-2025-2280.json
index c07aec4a1cb..372c823bd90 100644
--- a/2025/2xxx/CVE-2025-2280.json
+++ b/2025/2xxx/CVE-2025-2280.json
@@ -1,18 +1,71 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-2280",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@devolutions.net",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control in web extension restriction feature in Devolutions Server 2024.3.13 and earlier allows an authenticated user to bypass the browser extension restriction feature."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284: Improper Access Control",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Devolutions",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "2024.3.13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://devolutions.net/security/advisories/DEVO-2025-0004/",
+ "refsource": "MISC",
+ "name": "https://devolutions.net/security/advisories/DEVO-2025-0004/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file