From 1ff22667978f0fcbb5b75b99e22117de4e7fd9b4 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 28 Mar 2025 09:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2025/1xxx/CVE-2025-1705.json | 86 ++++++++++++++++++++++++++++++++--
2025/27xxx/CVE-2025-27130.json | 18 +++++++
2025/27xxx/CVE-2025-27567.json | 69 +++++++++++++++++++++++++--
2025/27xxx/CVE-2025-27574.json | 69 +++++++++++++++++++++++++--
2025/27xxx/CVE-2025-27716.json | 69 +++++++++++++++++++++++++--
2025/27xxx/CVE-2025-27718.json | 69 +++++++++++++++++++++++++--
2025/27xxx/CVE-2025-27726.json | 69 +++++++++++++++++++++++++--
2025/27xxx/CVE-2025-27932.json | 69 +++++++++++++++++++++++++--
2025/2xxx/CVE-2025-2904.json | 18 +++++++
2025/2xxx/CVE-2025-2905.json | 18 +++++++
10 files changed, 526 insertions(+), 28 deletions(-)
create mode 100644 2025/27xxx/CVE-2025-27130.json
create mode 100644 2025/2xxx/CVE-2025-2904.json
create mode 100644 2025/2xxx/CVE-2025-2905.json
diff --git a/2025/1xxx/CVE-2025-1705.json b/2025/1xxx/CVE-2025-1705.json
index 89bd914dcdf..0f7579721dc 100644
--- a/2025/1xxx/CVE-2025-1705.json
+++ b/2025/1xxx/CVE-2025-1705.json
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation within the td_ajax_get_views AJAX action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "tagDiv", + "product": { + "product_data": [ + { + "product_name": "tagDiv Composer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2aaa8c34-cf7b-4630-adc8-cbb534deff89?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2aaa8c34-cf7b-4630-adc8-cbb534deff89?source=cve" + }, + { + "url": "https://tagdiv.com/tagdiv-composer-page-builder-basics/", + "refsource": "MISC", + "name": "https://tagdiv.com/tagdiv-composer-page-builder-basics/" + }, + { + "url": "https://themeforest.net/item/newspaper/5489609", + "refsource": "MISC", + "name": "https://themeforest.net/item/newspaper/5489609" + }, + { + "url": "https://tagdiv.com/newspaper-changelog/", + "refsource": "MISC", + "name": "https://tagdiv.com/newspaper-changelog/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Truoc Phan" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/27xxx/CVE-2025-27130.json b/2025/27xxx/CVE-2025-27130.json new file mode 100644 index 00000000000..fefe6403f1e --- /dev/null +++ b/2025/27xxx/CVE-2025-27130.json 
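Review bot: The `problemtype` block of this record carries only `CWE-79`, while the description names the root cause as Cross-Site Request Forgery from missing or incorrect nonce validation on the `td_ajax_get_views` AJAX action. Tooling that triages by `cweId` will file this purely as XSS and miss the CSRF class, so the assigner should add a second description entry, `"value": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352"`. The `UI:R` in the vector is consistent with the administrator-click precondition in the description, so only the weakness mapping looks incomplete.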
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27130", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27567.json b/2025/27xxx/CVE-2025-27567.json index ab348294747..a87abe4e880 100644 --- a/2025/27xxx/CVE-2025-27567.json +++ b/2025/27xxx/CVE-2025-27567.json 
@@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "KDDI CORPORATION", + "product": { + "product_data": [ + { + "product_name": "HGW-BL1500HM", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver 002.002.003 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5", + "refsource": "MISC", + "name": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5" + }, + { + "url": "https://jvn.jp/en/jp/JVN04278547/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN04278547/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "baseSeverity": "MEDIUM", + "baseScore": 5.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ] } 
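Review bot: `version_affected` is `"="` while `version_value` holds the free-text range `"Ver 002.002.003 and earlier"`, so a scanner that matches this field exactly or by comparator may not flag older firmware as affected. The range belongs in the operator: `"version_affected": "<=", "version_value": "002.002.003"`, the form the CVE-2025-1705 record in this same commit uses. The same encoding appears in the CVE-2025-27574, CVE-2025-27716, CVE-2025-27718, CVE-2025-27726 and CVE-2025-27932 hunks. Until the assigner corrects it, asset matching for HGW-BL1500HM is safer done from the description text than from `version_data`.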
diff --git a/2025/27xxx/CVE-2025-27574.json b/2025/27xxx/CVE-2025-27574.json
index 18925a38c4c..abf64c06615 100644
--- a/2025/27xxx/CVE-2025-27574.json
+++ b/2025/27xxx/CVE-2025-27574.json
@@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "KDDI CORPORATION", + "product": { + "product_data": [ + { + "product_name": "HGW-BL1500HM", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver 002.002.003 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5", + "refsource": "MISC", + "name": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5" + }, + { + "url": "https://jvn.jp/en/jp/JVN04278547/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN04278547/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "baseSeverity": "LOW", + "baseScore": 3.6, + "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ] } 
diff --git a/2025/27xxx/CVE-2025-27716.json b/2025/27xxx/CVE-2025-27716.json
index a82813fce11..b36b21b53bc 100644
--- a/2025/27xxx/CVE-2025-27716.json
+++ b/2025/27xxx/CVE-2025-27716.json
@@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27716", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "KDDI CORPORATION", + "product": { + "product_data": [ + { + "product_name": "HGW-BL1500HM", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver 002.002.003 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5", + "refsource": "MISC", + "name": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5" + }, + { + "url": "https://jvn.jp/en/jp/JVN04278547/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN04278547/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + 
"baseSeverity": "MEDIUM", + "baseScore": 6.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ] } diff --git a/2025/27xxx/CVE-2025-27718.json b/2025/27xxx/CVE-2025-27718.json index c29b901ae58..46dfb429b00 100644 --- a/2025/27xxx/CVE-2025-27718.json +++ b/2025/27xxx/CVE-2025-27718.json 
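Review bot: The description of CVE-2025-27716 says the product's files "may be obtained and/or altered", but the vector ends `C:H/I:N/A:N`, which scores no integrity impact at all. The 6.5 base score only holds if alteration is not possible, so the assigner should either drop "and/or altered" from the description or raise the integrity metric and rescore. CVE-2025-27726 has the same mismatch (`I:N` against "obtained and/or altered") and additionally scores `AV:P` although its description speaks of a crafted HTTP request from a device on the LAN side. Consumers prioritising on `baseScore` should treat both scores as a lower bound until the record is reconciled.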
@@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27718", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or arbitrary code may be executed by a crafted HTTP request to specific functions of the product from a device connected to the LAN side." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "KDDI CORPORATION", + "product": { + "product_data": [ + { + "product_name": "HGW-BL1500HM", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver 002.002.003 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5", + "refsource": "MISC", + "name": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5" + }, + { + "url": "https://jvn.jp/en/jp/JVN04278547/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN04278547/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ] } diff --git a/2025/27xxx/CVE-2025-27726.json b/2025/27xxx/CVE-2025-27726.json index 5b1a1e3a5ed..29428486503 100644 --- a/2025/27xxx/CVE-2025-27726.json +++ b/2025/27xxx/CVE-2025-27726.json 
@@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "KDDI CORPORATION", + "product": { + "product_data": [ + { + "product_name": "HGW-BL1500HM", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver 002.002.003 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5", + "refsource": "MISC", + "name": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5" + }, + { + "url": "https://jvn.jp/en/jp/JVN04278547/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN04278547/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + 
"baseSeverity": "LOW", + "baseScore": 2.1, + "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ] } diff --git a/2025/27xxx/CVE-2025-27932.json b/2025/27xxx/CVE-2025-27932.json index c0a9ff8e530..804059e71b9 100644 --- a/2025/27xxx/CVE-2025-27932.json +++ b/2025/27xxx/CVE-2025-27932.json 
@@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27932", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the device or cause a denial of service (DoS) condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "KDDI CORPORATION", + "product": { + "product_data": [ + { + "product_name": "HGW-BL1500HM", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver 002.002.003 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5", + "refsource": "MISC", + "name": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5" + }, + { + "url": "https://jvn.jp/en/jp/JVN04278547/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN04278547/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "baseSeverity": "HIGH", + "baseScore": 8.1, + "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" } ] } diff --git a/2025/2xxx/CVE-2025-2904.json b/2025/2xxx/CVE-2025-2904.json new file mode 100644 index 00000000000..bb0201ee1e3 --- /dev/null +++ b/2025/2xxx/CVE-2025-2904.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2904", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2905.json b/2025/2xxx/CVE-2025-2905.json new file mode 100644 index 00000000000..9f46ccc3874 --- /dev/null +++ b/2025/2xxx/CVE-2025-2905.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2905", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file