diff --git a/2023/6xxx/CVE-2023-6602.json b/2023/6xxx/CVE-2023-6602.json index 5330e1a7787..a7153a82083 100644 --- a/2023/6xxx/CVE-2023-6602.json +++ b/2023/6xxx/CVE-2023-6602.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2023-6602", - "ASSIGNER": "secalert@redhat.com", + "ASSIGNER": "patrick@puiterwijk.org", "STATE": "PUBLIC" }, "description": { diff --git a/2023/6xxx/CVE-2023-6603.json b/2023/6xxx/CVE-2023-6603.json index a42a41fc172..ca687243f42 100644 --- a/2023/6xxx/CVE-2023-6603.json +++ b/2023/6xxx/CVE-2023-6603.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2023-6603", - "ASSIGNER": "secalert@redhat.com", + "ASSIGNER": "patrick@puiterwijk.org", "STATE": "PUBLIC" }, "description": { diff --git a/2025/0xxx/CVE-2025-0248.json b/2025/0xxx/CVE-2025-0248.json new file mode 100644 index 00000000000..51327b1a132 --- /dev/null +++ b/2025/0xxx/CVE-2025-0248.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0248", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/21xxx/CVE-2025-21604.json b/2025/21xxx/CVE-2025-21604.json index 6221050efda..082fc9beffa 100644 --- a/2025/21xxx/CVE-2025-21604.json +++ b/2025/21xxx/CVE-2025-21604.json 
@@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-328: Use of Weak Hash", + "cweId": "CWE-328" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "moyangzhan", + "product": { + "product_data": [ + { + "product_name": "langchain4j-aideepin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/moyangzhan/langchain4j-aideepin/security/advisories/GHSA-cv5r-73vf-8x7v", + "refsource": "MISC", + "name": "https://github.com/moyangzhan/langchain4j-aideepin/security/advisories/GHSA-cv5r-73vf-8x7v" + }, + { + "url": "https://github.com/moyangzhan/langchain4j-aideepin/commit/3cf625c5044a151a8cbcbdf98e10b4b46b8a975a", + "refsource": "MISC", + "name": "https://github.com/moyangzhan/langchain4j-aideepin/commit/3cf625c5044a151a8cbcbdf98e10b4b46b8a975a" + } + ] + }, + "source": { + "advisory": "GHSA-cv5r-73vf-8x7v", + "discovery": "UNKNOWN" } } \ No newline at end of file 
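Review bot: In `version_data`, `"version_affected": "="` is paired with `"version_value": "< 3.5.0"`, so a consumer that honours `version_affected` looks for a version literally named "< 3.5.0" and matches nothing. The operator belongs in the field: `"version_affected": "<"` with `"version_value": "3.5.0"`. The CVE-2025-21611 and CVE-2025-21612 hunks encode their ranges the same way; their two-sided ranges would presumably need the lower bound carried in a separate entry. This record also has no `impact` block, unlike those two, so severity cannot be triaged from the record alone.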
diff --git a/2025/21xxx/CVE-2025-21611.json b/2025/21xxx/CVE-2025-21611.json
index d2cf4176997..6f887c98035 100644
--- a/2025/21xxx/CVE-2025-21611.json
+++ b/2025/21xxx/CVE-2025-21611.json
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions regardless of their permissions. Notably, the WriteUsers right is unaffected so users may not use this bug to permanently elevate their account permissions. The fix is release in tgstation-server-v6.12.3." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization", + "cweId": "CWE-285" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "tgstation", + "product": { + "product_data": [ + { + "product_name": "tgstation-server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 6.11.0, < 6.12.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-rf5r-q276-vrc4", + "refsource": "MISC", + "name": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-rf5r-q276-vrc4" + }, + { + "url": "https://github.com/tgstation/tgstation-server/issues/2064", + "refsource": "MISC", + "name": "https://github.com/tgstation/tgstation-server/issues/2064" + }, + { + "url": "https://github.com/tgstation/tgstation-server/commit/e7b1189620baaf03c2d23f6e164d07c7c7d87d57", + "refsource": "MISC", + "name": "https://github.com/tgstation/tgstation-server/commit/e7b1189620baaf03c2d23f6e164d07c7c7d87d57" + } + ] + }, + "source": { + "advisory": "GHSA-rf5r-q276-vrc4", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/21xxx/CVE-2025-21612.json b/2025/21xxx/CVE-2025-21612.json index 0695c62cbe2..6f06b3f27ec 100644 --- a/2025/21xxx/CVE-2025-21612.json +++ b/2025/21xxx/CVE-2025-21612.json 
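Review bot: The description says only "Prior to 6.12.3", while `version_value` bounds the affected range at `>= 6.11.0, < 6.12.3`, so anyone triaging from the description text will treat releases before 6.11.0 as affected. Assuming the structured range is the accurate one, opening the sentence with the lower bound keeps the two in step, e.g. `From 6.11.0 and prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd ...`. The last sentence should also read `The fix is released in tgstation-server-v6.12.3.` The CVE-2025-21612 hunk has the same mismatch ("Prior to 2.7.2" against `>= 1.9.1, < 2.7.2`).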
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21612", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", + "cweId": "CWE-80" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "StarCitizenTools", + "product": { + "product_data": [ + { + "product_name": "mediawiki-extensions-TabberNeue", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.9.1, < 2.7.2" + }, + { + "version_affected": "=", + "version_value": ">= d8c3db4e5935476e496d979fb01f775d3d3282e6, < f229cab099c69006e25d4bad3579954e481dc566" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/security/advisories/GHSA-4x6x-8rm8-c37j", + "refsource": "MISC", + "name": 
"https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/security/advisories/GHSA-4x6x-8rm8-c37j" + }, + { + "url": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/d8c3db4e5935476e496d979fb01f775d3d3282e6", + "refsource": "MISC", + "name": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/d8c3db4e5935476e496d979fb01f775d3d3282e6" + }, + { + "url": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/f229cab099c69006e25d4bad3579954e481dc566", + "refsource": "MISC", + "name": "https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/f229cab099c69006e25d4bad3579954e481dc566" + } + ] + }, + "source": { + "advisory": "GHSA-4x6x-8rm8-c37j", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "version": "3.1" } ] }
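Review bot: The second `version_data` entry gives the affected range as `>= d8c3db4e5935476e496d979fb01f775d3d3282e6, < f229cab099c69006e25d4bad3579954e481dc566`, but commit hashes have no ordering, so no version matcher can evaluate it. Both commits also appear in `reference_data` as plain `MISC` links whose `name` just repeats the URL. From the range, the first is presumably the introducing commit and the second the fix, so a reader who takes every commit reference as a patch would get that wrong. Giving the two `name` fields distinguishing text would help, once checked against the advisory. Separately, `"userInteraction": "NONE"` with `"scope": "UNCHANGED"` is unusual for a CWE-79 record, since a victim normally has to render the page, so the vector is worth re-checking with the CNA.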