admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-27 16:00:33 +00:00
parent 49ceacf2f4
commit 2b83804791
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 443 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2025/1xxx/CVE-2025-1247.json
View File

@ -48,6 +48,19 @@
]
}
},
{
"product_name": "Red Hat build of Quarkus 3.8.6.SP3",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat build of Apache Camel for Quarkus",
"version": {
@ -69,6 +82,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2025:1884",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:1884"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:1885",
"refsource": "MISC",

18
2025/1xxx/CVE-2025-1634.json
View File

@ -48,6 +48,19 @@
]
}
},
{
"product_name": "Red Hat build of Quarkus 3.8.6.SP3",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat build of Apache Camel for Quarkus",
"version": {
@ -69,6 +82,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2025:1884",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:1884"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:1885",
"refsource": "MISC",

2
2025/1xxx/CVE-2025-1691.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using \u2018tab\u2019 to autocomplete text that is a prefix of the attacker\u2019s prepared autocompletion. This issue affects mongosh versions prior to\u00a02.3.9.\u00a0\n\n\n\n\nThe vulnerability is exploitable only when mongosh is connected to a cluster that is partially or fully controlled by an attacker."
"value": "The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using \u2018tab\u2019 to autocomplete text that is a prefix of the attacker\u2019s prepared autocompletion. This issue affects mongosh versions prior to\u00a02.3.9.\u00a0\n\n\nThe vulnerability is exploitable only when mongosh is connected to a cluster that is partially or fully controlled by an attacker."
}
]
},

98
2025/1xxx/CVE-2025-1755.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1755",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@mongodb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\\node_modules\\. This issue affects MongoDB Compass prior to 1.42.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426: Untrusted Search Path",
"cweId": "CWE-426"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MongoDB Inc",
"product": {
"product_data": [
{
"product_name": "MongoDB Compass",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.42.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jira.mongodb.org/browse/COMPASS-9058",
"refsource": "MISC",
"name": "https://jira.mongodb.org/browse/COMPASS-9058"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div><p>Only environments with Windows as the underlying operating system is affected by this issue</p></div>"
}
],
"value": "Only environments with Windows as the underlying operating system is affected by this issue"
}
],
"credits": [
{
"lang": "en",
"value": "T. Do\u011fa Geli\u015fli"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

98
2025/1xxx/CVE-2025-1756.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@mongodb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\\node_modules\\. This issue affects mongosh prior to 2.3.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426: Untrusted Search Path",
"cweId": "CWE-426"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MongoDB Inc",
"product": {
"product_data": [
{
"product_name": "mongosh",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jira.mongodb.org/browse/MONGOSH-2028",
"refsource": "MISC",
"name": "https://jira.mongodb.org/browse/MONGOSH-2028"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Only environments with Windows as the underlying operating system is affected by this issue</p><br>"
}
],
"value": "Only environments with Windows as the underlying operating system is affected by this issue"
}
],
"credits": [
{
"lang": "en",
"value": "T. Do\u011fa Geli\u015fli"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2025/1xxx/CVE-2025-1757.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1757",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

56
2025/25xxx/CVE-2025-25330.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25330",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Boohee Technology Boohee Health iOS 13.0.13 allows attackers to access sensitive user information via supplying a crafted payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/250116-BooheeHealth/250116-BooheeHealth.pdf",
"refsource": "MISC",
"name": "https://github.com/ZhouZiyi1/Vuls/blob/main/250116-BooheeHealth/250116-BooheeHealth.pdf"
}
]
}

56
2025/25xxx/CVE-2025-25331.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25331",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Beitatong Technology LianJia iOS 9.83.50 allows attackers to access sensitive user information via supplying a crafted payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/250116-LianJia/250116-LianJia.pdf",
"refsource": "MISC",
"name": "https://github.com/ZhouZiyi1/Vuls/blob/main/250116-LianJia/250116-LianJia.pdf"
}
]
}

56
2025/25xxx/CVE-2025-25333.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25333",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a crafted payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/250116-IKEACN/250116-IKEACN.pdf",
"refsource": "MISC",
"name": "https://github.com/ZhouZiyi1/Vuls/blob/main/250116-IKEACN/250116-IKEACN.pdf"
}
]
}

56
2025/25xxx/CVE-2025-25334.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25334",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows attackers to access sensitive user information via supplying a crafted payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/250116-SuningEMall/250116-SuningEMall.pdf",
"refsource": "MISC",
"name": "https://github.com/ZhouZiyi1/Vuls/blob/main/250116-SuningEMall/250116-SuningEMall.pdf"
}
]
}