admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-02 23:00:33 +00:00
parent 3654c8e47d
commit 1b71a3040f
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 471 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
2025/0xxx/CVE-2025-0257.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0257",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "HCL DevOps Deploy / HCL Launch",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.1 - 7.1.2.22; 7.2 - 7.2.3.15; 7.3 - 7.3.2.10; 8.0 - 8.0.1.5; 8.1 - 8.1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119061",
"refsource": "MISC",
"name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119061"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

105
2025/3xxx/CVE-2025-3121.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3121",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in PyTorch 2.6.0 entdeckt. Es geht dabei um die Funktion torch.jit.jit_module_from_flatbuffer. Mittels Manipulieren mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "PyTorch",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.6.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.303012",
"refsource": "MISC",
"name": "https://vuldb.com/?id.303012"
},
{
"url": "https://vuldb.com/?ctiid.303012",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.303012"
},
{
"url": "https://vuldb.com/?submit.525049",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.525049"
},
{
"url": "https://github.com/pytorch/pytorch/issues/149800",
"refsource": "MISC",
"name": "https://github.com/pytorch/pytorch/issues/149800"
},
{
"url": "https://github.com/pytorch/pytorch/issues/149800#issue-2940240700",
"refsource": "MISC",
"name": "https://github.com/pytorch/pytorch/issues/149800#issue-2940240700"
}
]
},
"credits": [
{
"lang": "en",
"value": "Default436352 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P"
}
]
}

108
2025/3xxx/CVE-2025-3122.json
View File

@ -1,17 +1,117 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3122",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In WebAssembly wabt 1.0.36 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion BinaryReaderInterp::BeginFunctionBody der Datei src/interp/binary-reader-interp.cc. Durch das Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WebAssembly",
"product": {
"product_data": [
{
"product_name": "wabt",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.36"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.303013",
"refsource": "MISC",
"name": "https://vuldb.com/?id.303013"
},
{
"url": "https://vuldb.com/?ctiid.303013",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.303013"
},
{
"url": "https://vuldb.com/?submit.525091",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.525091"
},
{
"url": "https://github.com/WebAssembly/wabt/issues/2565",
"refsource": "MISC",
"name": "https://github.com/WebAssembly/wabt/issues/2565"
},
{
"url": "https://github.com/WebAssembly/wabt/issues/2565#issue-2927572319",
"refsource": "MISC",
"name": "https://github.com/WebAssembly/wabt/issues/2565#issue-2927572319"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.1,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P"
}
]
}

119
2025/3xxx/CVE-2025-3123.json
View File

@ -1,17 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3123",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** DISPUTED ** A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains, that \"[t]he philosophy has always been, admin [...] bear responsibility to not install themes/plugins from untrusted sources.\""
},
{
"lang": "deu",
"value": "** DISPUTED ** Eine kritische Schwachstelle wurde in WonderCMS 3.5.0 entdeckt. Hierbei geht es um die Funktion installUpdateModuleAction der Komponente Theme Installation/Plugin Installation. Durch Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Bisher konnte die Existenz der vermeintlichen Schwachstelle noch nicht eindeutig nachgewiesen werden."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload",
"cweId": "CWE-434"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Access Controls",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "WonderCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.303014",
"refsource": "MISC",
"name": "https://vuldb.com/?id.303014"
},
{
"url": "https://vuldb.com/?ctiid.303014",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.303014"
},
{
"url": "https://vuldb.com/?submit.525101",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.525101"
},
{
"url": "https://github.com/WonderCMS/wondercms/issues/330",
"refsource": "MISC",
"name": "https://github.com/WonderCMS/wondercms/issues/330"
},
{
"url": "https://github.com/WonderCMS/wondercms/issues/330#issuecomment-2745347770",
"refsource": "MISC",
"name": "https://github.com/WonderCMS/wondercms/issues/330#issuecomment-2745347770"
},
{
"url": "https://github.com/WonderCMS/wondercms/issues/330#issue-2940381112",
"refsource": "MISC",
"name": "https://github.com/WonderCMS/wondercms/issues/330#issue-2940381112"
}
]
},
"credits": [
{
"lang": "en",
"value": "cc1110 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.7,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
]
}

77
2025/3xxx/CVE-2025-3154.json Normal file
View File

@ -0,0 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-3154",
"ASSIGNER": "xpdf@xpdfreader.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xpdf",
"product": {
"product_data": [
{
"product_name": "Xpdf",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "4.05"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.xpdfreader.com/security-bug/CVE-2025-3154.html",
"refsource": "MISC",
"name": "https://www.xpdfreader.com/security-bug/CVE-2025-3154.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Erik Viken"
}
]
}