admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-06 16:01:05 +00:00
parent 4bd7bcafc2
commit 23b2f88e54
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 256 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2023/6xxx/CVE-2023-6602.json
View File

@ -4,7 +4,7 @@
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-6602",
"ASSIGNER": "secalert@redhat.com",
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"description": {

2
2023/6xxx/CVE-2023-6603.json
View File

@ -4,7 +4,7 @@
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-6603",
"ASSIGNER": "secalert@redhat.com",
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"description": {

18
2025/0xxx/CVE-2025-0248.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0248",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

63
2025/21xxx/CVE-2025-21604.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21604",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-328: Use of Weak Hash",
"cweId": "CWE-328"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "moyangzhan",
"product": {
"product_data": [
{
"product_name": "langchain4j-aideepin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/moyangzhan/langchain4j-aideepin/security/advisories/GHSA-cv5r-73vf-8x7v",
"refsource": "MISC",
"name": "https://github.com/moyangzhan/langchain4j-aideepin/security/advisories/GHSA-cv5r-73vf-8x7v"
},
{
"url": "https://github.com/moyangzhan/langchain4j-aideepin/commit/3cf625c5044a151a8cbcbdf98e10b4b46b8a975a",
"refsource": "MISC",
"name": "https://github.com/moyangzhan/langchain4j-aideepin/commit/3cf625c5044a151a8cbcbdf98e10b4b46b8a975a"
}
]
},
"source": {
"advisory": "GHSA-cv5r-73vf-8x7v",
"discovery": "UNKNOWN"
}
}

86
2025/21xxx/CVE-2025-21611.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21611",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions regardless of their permissions. Notably, the WriteUsers right is unaffected so users may not use this bug to permanently elevate their account permissions. The fix is release in tgstation-server-v6.12.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tgstation",
"product": {
"product_data": [
{
"product_name": "tgstation-server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 6.11.0, < 6.12.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-rf5r-q276-vrc4",
"refsource": "MISC",
"name": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-rf5r-q276-vrc4"
},
{
"url": "https://github.com/tgstation/tgstation-server/issues/2064",
"refsource": "MISC",
"name": "https://github.com/tgstation/tgstation-server/issues/2064"
},
{
"url": "https://github.com/tgstation/tgstation-server/commit/e7b1189620baaf03c2d23f6e164d07c7c7d87d57",
"refsource": "MISC",
"name": "https://github.com/tgstation/tgstation-server/commit/e7b1189620baaf03c2d23f6e164d07c7c7d87d57"
}
]
},
"source": {
"advisory": "GHSA-rf5r-q276-vrc4",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

99
2025/21xxx/CVE-2025-21612.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21612",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "StarCitizenTools",
"product": {
"product_data": [
{
"product_name": "mediawiki-extensions-TabberNeue",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.9.1, < 2.7.2"
},
{
"version_affected": "=",
"version_value": ">= d8c3db4e5935476e496d979fb01f775d3d3282e6, < f229cab099c69006e25d4bad3579954e481dc566"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/security/advisories/GHSA-4x6x-8rm8-c37j",
"refsource": "MISC",
"name": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/security/advisories/GHSA-4x6x-8rm8-c37j"
},
{
"url": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/d8c3db4e5935476e496d979fb01f775d3d3282e6",
"refsource": "MISC",
"name": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/d8c3db4e5935476e496d979fb01f775d3d3282e6"
},
{
"url": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/f229cab099c69006e25d4bad3579954e481dc566",
"refsource": "MISC",
"name": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/f229cab099c69006e25d4bad3579954e481dc566"
}
]
},
"source": {
"advisory": "GHSA-4x6x-8rm8-c37j",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
]
}