From 2d2f0f7b6c26c590dfe1b925592a8a314334d320 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 2 Apr 2025 21:02:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/1xxx/CVE-2018-1472.json | 16 ++-- 2023/0xxx/CVE-2023-0881.json | 90 +++++++++++++++++- 2023/33xxx/CVE-2023-33302.json | 161 ++++++++++++++++++++++++++++++++- 2023/40xxx/CVE-2023-40714.json | 93 ++++++++++++++++++- 2023/52xxx/CVE-2023-52990.json | 78 +--------------- 2024/12xxx/CVE-2024-12021.json | 82 ++++++++++++++++- 2024/12xxx/CVE-2024-12189.json | 76 +++++++++++++++- 2024/12xxx/CVE-2024-12278.json | 81 ++++++++++++++++- 2024/12xxx/CVE-2024-12410.json | 76 +++++++++++++++- 2024/12xxx/CVE-2024-12858.json | 118 +----------------------- 2024/13xxx/CVE-2024-13553.json | 81 ++++++++++++++++- 2024/13xxx/CVE-2024-13567.json | 86 +++++++++++++++++- 2024/13xxx/CVE-2024-13637.json | 86 +++++++++++++++++- 2025/21xxx/CVE-2025-21945.json | 125 ++++++++++++++++++++++++- 2025/21xxx/CVE-2025-21966.json | 114 ++++++++++++++++++++++- 2025/29xxx/CVE-2025-29063.json | 61 +++++++++++-- 2025/29xxx/CVE-2025-29085.json | 56 ++++++++++-- 2025/29xxx/CVE-2025-29868.json | 73 ++++++++++++++- 2025/29xxx/CVE-2025-29908.json | 86 +++++++++++++++++- 2025/29xxx/CVE-2025-29929.json | 91 ++++++++++++++++++- 2025/29xxx/CVE-2025-29981.json | 85 ++++++++++++++++- 2025/2xxx/CVE-2025-2963.json | 2 +- 2025/2xxx/CVE-2025-2964.json | 2 +- 2025/2xxx/CVE-2025-2965.json | 2 +- 2025/2xxx/CVE-2025-2982.json | 84 ++++++++++++++++- 2025/2xxx/CVE-2025-2983.json | 93 ++++++++++++++++++- 2025/2xxx/CVE-2025-2984.json | 114 ++++++++++++++++++++++- 2025/2xxx/CVE-2025-2985.json | 114 ++++++++++++++++++++++- 2025/2xxx/CVE-2025-2989.json | 114 ++++++++++++++++++++++- 2025/2xxx/CVE-2025-2990.json | 114 ++++++++++++++++++++++- 2025/2xxx/CVE-2025-2991.json | 114 ++++++++++++++++++++++- 2025/2xxx/CVE-2025-2992.json | 114 ++++++++++++++++++++++- 2025/2xxx/CVE-2025-2993.json | 114 ++++++++++++++++++++++- 2025/2xxx/CVE-2025-2994.json | 114 ++++++++++++++++++++++- 2025/2xxx/CVE-2025-2995.json | 114 ++++++++++++++++++++++- 
2025/2xxx/CVE-2025-2996.json | 114 ++++++++++++++++++++++- 2025/2xxx/CVE-2025-2997.json | 100 +++++++++++++++++++- 2025/2xxx/CVE-2025-2998.json | 105 ++++++++++++++++++++- 2025/30xxx/CVE-2025-30892.json | 113 ++++++++++++++++++++++- 2025/30xxx/CVE-2025-30901.json | 113 ++++++++++++++++++++++- 2025/30xxx/CVE-2025-30902.json | 113 ++++++++++++++++++++++- 2025/30xxx/CVE-2025-30905.json | 113 ++++++++++++++++++++++- 2025/30xxx/CVE-2025-30906.json | 113 ++++++++++++++++++++++- 2025/30xxx/CVE-2025-30910.json | 113 ++++++++++++++++++++++- 2025/30xxx/CVE-2025-30911.json | 113 ++++++++++++++++++++++- 2025/30xxx/CVE-2025-30913.json | 113 ++++++++++++++++++++++- 2025/30xxx/CVE-2025-30917.json | 113 ++++++++++++++++++++++- 2025/31xxx/CVE-2025-31535.json | 18 ++++ 2025/31xxx/CVE-2025-31536.json | 18 ++++ 2025/31xxx/CVE-2025-31537.json | 18 ++++ 2025/31xxx/CVE-2025-31538.json | 18 ++++ 2025/31xxx/CVE-2025-31539.json | 18 ++++ 2025/31xxx/CVE-2025-31540.json | 18 ++++ 2025/31xxx/CVE-2025-31541.json | 18 ++++ 2025/31xxx/CVE-2025-31542.json | 18 ++++ 2025/31xxx/CVE-2025-31543.json | 18 ++++ 2025/31xxx/CVE-2025-31544.json | 18 ++++ 2025/31xxx/CVE-2025-31545.json | 18 ++++ 2025/31xxx/CVE-2025-31546.json | 18 ++++ 2025/31xxx/CVE-2025-31547.json | 18 ++++ 2025/31xxx/CVE-2025-31548.json | 18 ++++ 2025/31xxx/CVE-2025-31549.json | 18 ++++ 2025/31xxx/CVE-2025-31550.json | 18 ++++ 2025/31xxx/CVE-2025-31551.json | 18 ++++ 2025/31xxx/CVE-2025-31552.json | 18 ++++ 2025/31xxx/CVE-2025-31855.json | 18 ++++ 2025/31xxx/CVE-2025-31856.json | 18 ++++ 2025/31xxx/CVE-2025-31857.json | 18 ++++ 2025/31xxx/CVE-2025-31858.json | 18 ++++ 2025/31xxx/CVE-2025-31859.json | 18 ++++ 2025/31xxx/CVE-2025-31860.json | 18 ++++ 2025/31xxx/CVE-2025-31861.json | 18 ++++ 2025/31xxx/CVE-2025-31862.json | 18 ++++ 2025/31xxx/CVE-2025-31863.json | 18 ++++ 2025/31xxx/CVE-2025-31864.json | 18 ++++ 2025/31xxx/CVE-2025-31865.json | 18 ++++ 2025/31xxx/CVE-2025-31866.json | 18 ++++ 2025/31xxx/CVE-2025-31867.json | 18 ++++ 
2025/31xxx/CVE-2025-31868.json | 18 ++++ 2025/31xxx/CVE-2025-31869.json | 18 ++++ 2025/31xxx/CVE-2025-31870.json | 18 ++++ 2025/31xxx/CVE-2025-31871.json | 18 ++++ 2025/3xxx/CVE-2025-3053.json | 18 ++++ 2025/3xxx/CVE-2025-3054.json | 18 ++++ 2025/3xxx/CVE-2025-3055.json | 18 ++++ 2025/3xxx/CVE-2025-3056.json | 18 ++++ 2025/3xxx/CVE-2025-3058.json | 18 ++++ 2025/3xxx/CVE-2025-3063.json | 76 +--------------- 2025/3xxx/CVE-2025-3064.json | 18 ++++ 2025/3xxx/CVE-2025-3065.json | 18 ++++ 2025/3xxx/CVE-2025-3075.json | 18 ++++ 2025/3xxx/CVE-2025-3076.json | 18 ++++ 2025/3xxx/CVE-2025-3077.json | 18 ++++ 2025/3xxx/CVE-2025-3084.json | 94 +------------------ 2025/3xxx/CVE-2025-3085.json | 107 +--------------------- 2025/3xxx/CVE-2025-3097.json | 18 ++++ 2025/3xxx/CVE-2025-3098.json | 18 ++++ 2025/3xxx/CVE-2025-3099.json | 18 ++++ 2025/3xxx/CVE-2025-3100.json | 18 ++++ 2025/3xxx/CVE-2025-3101.json | 18 ++++ 100 files changed, 4899 insertions(+), 638 deletions(-) create mode 100644 2025/31xxx/CVE-2025-31535.json create mode 100644 2025/31xxx/CVE-2025-31536.json create mode 100644 2025/31xxx/CVE-2025-31537.json create mode 100644 2025/31xxx/CVE-2025-31538.json create mode 100644 2025/31xxx/CVE-2025-31539.json create mode 100644 2025/31xxx/CVE-2025-31540.json create mode 100644 2025/31xxx/CVE-2025-31541.json create mode 100644 2025/31xxx/CVE-2025-31542.json create mode 100644 2025/31xxx/CVE-2025-31543.json create mode 100644 2025/31xxx/CVE-2025-31544.json create mode 100644 2025/31xxx/CVE-2025-31545.json create mode 100644 2025/31xxx/CVE-2025-31546.json create mode 100644 2025/31xxx/CVE-2025-31547.json create mode 100644 2025/31xxx/CVE-2025-31548.json create mode 100644 2025/31xxx/CVE-2025-31549.json create mode 100644 2025/31xxx/CVE-2025-31550.json create mode 100644 2025/31xxx/CVE-2025-31551.json create mode 100644 2025/31xxx/CVE-2025-31552.json create mode 100644 2025/31xxx/CVE-2025-31855.json create mode 100644 2025/31xxx/CVE-2025-31856.json create mode 100644 
2025/31xxx/CVE-2025-31857.json create mode 100644 2025/31xxx/CVE-2025-31858.json create mode 100644 2025/31xxx/CVE-2025-31859.json create mode 100644 2025/31xxx/CVE-2025-31860.json create mode 100644 2025/31xxx/CVE-2025-31861.json create mode 100644 2025/31xxx/CVE-2025-31862.json create mode 100644 2025/31xxx/CVE-2025-31863.json create mode 100644 2025/31xxx/CVE-2025-31864.json create mode 100644 2025/31xxx/CVE-2025-31865.json create mode 100644 2025/31xxx/CVE-2025-31866.json create mode 100644 2025/31xxx/CVE-2025-31867.json create mode 100644 2025/31xxx/CVE-2025-31868.json create mode 100644 2025/31xxx/CVE-2025-31869.json create mode 100644 2025/31xxx/CVE-2025-31870.json create mode 100644 2025/31xxx/CVE-2025-31871.json create mode 100644 2025/3xxx/CVE-2025-3053.json create mode 100644 2025/3xxx/CVE-2025-3054.json create mode 100644 2025/3xxx/CVE-2025-3055.json create mode 100644 2025/3xxx/CVE-2025-3056.json create mode 100644 2025/3xxx/CVE-2025-3058.json create mode 100644 2025/3xxx/CVE-2025-3064.json create mode 100644 2025/3xxx/CVE-2025-3065.json create mode 100644 2025/3xxx/CVE-2025-3075.json create mode 100644 2025/3xxx/CVE-2025-3076.json create mode 100644 2025/3xxx/CVE-2025-3077.json create mode 100644 2025/3xxx/CVE-2025-3097.json create mode 100644 2025/3xxx/CVE-2025-3098.json create mode 100644 2025/3xxx/CVE-2025-3099.json create mode 100644 2025/3xxx/CVE-2025-3100.json create mode 100644 2025/3xxx/CVE-2025-3101.json diff --git a/2018/1xxx/CVE-2018-1472.json b/2018/1xxx/CVE-2018-1472.json index 6010a982cd2..b1431360a71 100644 --- a/2018/1xxx/CVE-2018-1472.json +++ b/2018/1xxx/CVE-2018-1472.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-1472", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-1472", + "ASSIGNER": "psirt@hcl.com", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was erroneously associated with an open source vulnerability by another vendor." } ] } diff --git a/2023/0xxx/CVE-2023-0881.json b/2023/0xxx/CVE-2023-0881.json index 4c209524bae..d2fa72e8459 100644 --- a/2023/0xxx/CVE-2023-0881.json +++ b/2023/0xxx/CVE-2023-0881.json 
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0881", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@ubuntu.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Running DDoS on tcp port 22 will trigger a kernel crash. This issue is introduced by the backport of a commit regarding nft_lookup without the subsequent fixes that were introduced after this commit. The resolution of this CVE introduces those commits to the linux-bluefield package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ubuntu", + "product": { + "product_data": [ + { + "product_name": "Ubuntu package linux-bluefield", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.4.0-1001.2", + "version_value": "5.4.0-1058.64" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2006397", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2006397" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Bodong Wang" + }, + { + "lang": "en", + "value": "Seth Arnold" + }, + { + "lang": "en", + "value": "dann frazier" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + 
"baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/33xxx/CVE-2023-33302.json b/2023/33xxx/CVE-2023-33302.json index 6a7723512db..9c270885881 100644 --- a/2023/33xxx/CVE-2023-33302.json +++ b/2023/33xxx/CVE-2023-33302.json 
@@ -1,17 +1,170 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-33302", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiNDR", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.2.0" + }, + { + "version_affected": "=", + "version_value": "7.1.0" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.6" + }, + { + "version_affected": "<=", + "version_name": "1.5.0", + "version_value": "1.5.3" + }, + { + "version_affected": "=", + "version_value": "1.4.0" + }, + { + "version_affected": "<=", + "version_name": "1.3.0", + "version_value": "1.3.1" + }, + { + "version_affected": "=", + "version_value": "1.2.0" + }, + { + "version_affected": "=", + "version_value": "1.1.0" + } + ] + } + }, + { + "product_name": "FortiMail", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.4" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.6" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.10" + }, + { + "version_affected": "<=", + "version_name": "5.4.0", + "version_value": "5.4.12" + }, + { + "version_affected": "<=", + "version_name": "5.3.12", + "version_value": "5.3.13" + }, + { + "version_affected": "<=", + "version_name": "5.3.0", + "version_value": "5.3.10" + }, + { + "version_affected": "<=", + "version_name": "5.2.0", + "version_value": "5.2.10" + }, + { + "version_affected": "<=", + "version_name": "5.1.0", + "version_value": "5.1.7" + }, + { + "version_affected": "<=", + "version_name": "5.0.0", + "version_value": "5.0.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://fortiguard.fortinet.com/psirt/FG-IR-21-023", + "refsource": "MISC", + "name": "https://fortiguard.fortinet.com/psirt/FG-IR-21-023" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiMail version 7.0.0 or above\nPlease upgrade to FortiMail version 6.4.5 or above\nPlease upgrade to FortiMail version 6.2.7 or above\nPlease upgrade to FortiMail version 6.0.11 or above\nPlease upgrade to FortiNDR version 7.2.1 or above" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C" } ] } diff --git a/2023/40xxx/CVE-2023-40714.json b/2023/40xxx/CVE-2023-40714.json index 24fcb24adef..2f495efb2cf 100644 --- a/2023/40xxx/CVE-2023-40714.json +++ b/2023/40xxx/CVE-2023-40714.json 
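Review bot: In the CVE-2023-33302 record, `"baseScore": 4.5` sits next to a `vectorString` that carries temporal metrics (`E:P/RL:U/RC:C`). By the CVSS 3.1 equations the base vector `AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L` appears to score 4.7, and 4.5 matches the value after the temporal multiplier is applied. Consumers that read `baseScore` as a base score will under-rank the issue. The CVE-2023-40714 hunk has the same pattern: 9.7 with `E:F/RL:X/RC:C`, where the base vector appears to score 9.9. Separately, the description says FortiMail "before 6.2.6" while `version_data` marks `<= 6.2.6` as affected and the solution names 6.2.7, so the prose should be reconciled with the range before anyone triages from it.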
@@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40714", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of privilege", + "cweId": "CWE-23" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiSIEM", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.0.0" + }, + { + "version_affected": "<=", + "version_name": "6.7.0", + "version_value": "6.7.2" + }, + { + "version_affected": "<=", + "version_name": "6.6.0", + "version_value": "6.6.3" + }, + { + "version_affected": "<=", + "version_name": "6.5.0", + "version_value": "6.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-085", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-085" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiSIEM version 7.0.1 or above\nPlease upgrade to FortiSIEM version 6.7.4 or above\nPlease upgrade to FortiSIEM version 6.6.4 or above\nPlease upgrade to FortiSIEM version 6.5.2 or above\nPlease upgrade to FortiSIEM version 6.4.3 or 
above" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.7, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:X/RC:C" } ] } diff --git a/2023/52xxx/CVE-2023-52990.json b/2023/52xxx/CVE-2023-52990.json index 3557584dbec..493f3b72e54 100644 --- a/2023/52xxx/CVE-2023-52990.json +++ b/2023/52xxx/CVE-2023-52990.json 
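Review bot: The `solution` text and the `version_data` ranges in the CVE-2023-40714 record do not line up, which leaves the patch status of some FortiSIEM builds undetermined for anyone matching an inventory against this record. The affected 6.7 range ends at `6.7.2` but the fix is stated as "6.7.4 or above", so 6.7.3 is neither listed as affected nor as fixed. The solution also names "6.4.3 or above" although no 6.4.x entry appears under `version_data` or in the description. Either the affected ranges need the missing entries or the solution lines need trimming; the linked advisory should be the source for which.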
@@ -5,88 +5,14 @@ "CVE_data_meta": { "ID": "CVE-2023-52990", "ASSIGNER": "cve@kernel.org", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390: workaround invalid gcc-11 out of bounds read warning\n\nGCC 11.1.0 and 11.2.0 generate a wrong warning when compiling the\nkernel e.g. with allmodconfig:\n\narch/s390/kernel/setup.c: In function \u2018setup_lowcore_dat_on\u2019:\n./include/linux/fortify-string.h:57:33: error: \u2018__builtin_memcpy\u2019 reading 128 bytes from a region of size 0 [-Werror=stringop-overread]\n...\narch/s390/kernel/setup.c:526:9: note: in expansion of macro \u2018memcpy\u2019\n 526 | memcpy(abs_lc->cregs_save_area, S390_lowcore.cregs_save_area,\n | ^~~~~~\n\nThis could be addressed by using absolute_pointer() with the\nS390_lowcore macro, but this is not a good idea since this generates\nworse code for performance critical paths.\n\nTherefore simply use a for loop to copy the array in question and get\nrid of the warning." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Linux", - "product": { - "product_data": [ - { - "product_name": "Linux", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", - "version_value": "1fc24f9da259b675c3cc74ad5aa92dac286543b3" - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "6.1.10", - "lessThanOrEqual": "6.1.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "6.2", - "lessThanOrEqual": "*", - "status": "unaffected", - "versionType": "original_commit_for_fix" - } - ], - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://git.kernel.org/stable/c/1fc24f9da259b675c3cc74ad5aa92dac286543b3", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/1fc24f9da259b675c3cc74ad5aa92dac286543b3" - }, - { - "url": "https://git.kernel.org/stable/c/41e1992665a2701fa025a8b76970c43b4148446f", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/41e1992665a2701fa025a8b76970c43b4148446f" - } - ] - }, - "generator": { - "engine": "bippy-5f407fcff5a0" } } \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12021.json b/2024/12xxx/CVE-2024-12021.json index 1b9900bb7e4..37074e9cd74 100644 --- a/2024/12xxx/CVE-2024-12021.json +++ b/2024/12xxx/CVE-2024-12021.json 
@@ -1,18 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12021", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@blackduck.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Coverity versions prior to 2024.9.0 are vulnerable to stored cross-site scripting (XSS) in various administrative interfaces. The impact of exploitation may result in the compromise of local accounts managed by the Coverity platform as well as other standard impacts resulting from cross-site scripting." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Black Duck", + "product": { + "product_data": [ + { + "product_name": "Coverity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2024.9.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://community.blackduck.com/s/article/Black-Duck-Product-Security-Advisory-CVE-2024-12021", + "refsource": "MISC", + "name": "https://community.blackduck.com/s/article/Black-Duck-Product-Security-Advisory-CVE-2024-12021" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Upgrade the Coverity Platform version to 
2024.9.0 at a minimum." + } + ], + "value": "Upgrade the Coverity Platform version to 2024.9.0 at a minimum." + } + ], + "credits": [ + { + "lang": "en", + "value": "Jozef Frantisek Stefanovic" + } + ] } \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12189.json b/2024/12xxx/CVE-2024-12189.json index d6c912d216f..8e4183745f0 100644 --- a/2024/12xxx/CVE-2024-12189.json +++ b/2024/12xxx/CVE-2024-12189.json 
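Review bot: The new CVE-2024-12021 record goes to `"STATE": "PUBLIC"` without an `impact` block, so tooling that prioritises by CVSS gets no severity for a stored XSS that the description ties to compromise of local Coverity accounts. Every other newly published record visible in this patch includes `impact.cvss`. If the vendor advisory publishes a vector, it should be carried here; otherwise downstream scoring will vary by consumer. The `supportingMedia` entry is typed `text/html` but only repeats the plain-text `value`, which is harmless though redundant.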
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12189", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WDesignKit \u2013 Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom widgets in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "posimyththemes", + "product": { + "product_data": [ + { + "product_name": "WDesignKit \u2013 Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e936214-ee25-4763-ba7a-b5308cc09a57?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e936214-ee25-4763-ba7a-b5308cc09a57?source=cve" + }, + { + "url": "https://wordpress.org/plugins/wdesignkit/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wdesignkit/#developers" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Ankit Patel" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/12xxx/CVE-2024-12278.json b/2024/12xxx/CVE-2024-12278.json index be2af7116cc..e80e36e9e84 100644 --- a/2024/12xxx/CVE-2024-12278.json +++ b/2024/12xxx/CVE-2024-12278.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12278", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pluggabl", + "product": { + "product_data": [ + { + "product_name": "Booster for WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "7.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/234789db-1440-40ac-83e7-b8afb0ba4b5f?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/234789db-1440-40ac-83e7-b8afb0ba4b5f?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/functions/wcj-functions-general.php#L1015", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/functions/wcj-functions-general.php#L1015" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3262569/woocommerce-jetpack/trunk/includes/functions/wcj-functions-general.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3262569/woocommerce-jetpack/trunk/includes/functions/wcj-functions-general.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Craig Smith" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2024/12xxx/CVE-2024-12410.json b/2024/12xxx/CVE-2024-12410.json index 74946e1867a..5631185b4e1 100644 --- a/2024/12xxx/CVE-2024-12410.json +++ b/2024/12xxx/CVE-2024-12410.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12410", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rustaurius", + "product": { + "product_data": [ + { + "product_name": "Front End Users", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.2.32" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/975ddadd-12f8-4ace-9c1a-489114a2da6a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/975ddadd-12f8-4ace-9c1a-489114a2da6a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/front-end-only-users/trunk/html/UsersPage.php#L55", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/front-end-only-users/trunk/html/UsersPage.php#L55" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Colin Xu" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/12xxx/CVE-2024-12858.json b/2024/12xxx/CVE-2024-12858.json index 6f7f3a54237..ce58c869045 100644 --- a/2024/12xxx/CVE-2024-12858.json +++ b/2024/12xxx/CVE-2024-12858.json 
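Review bot: The description and the CVSS vector in the CVE-2024-12410 record disagree on the privilege an attacker needs. The text says the SQL injection via `UserSearchField` is reachable by "unauthenticated attackers", while the vector is `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N` with `"baseScore": 4.9`. If the description is right, the vector should carry `PR:N`, which would raise the score well above MEDIUM. If the vector is right, the description should name the required role. As published, teams filtering on severity may defer a flaw that the prose describes as pre-authentication.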
@@ -5,127 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2024-12858", "ASSIGNER": "ics-cert@hq.dhs.gov", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "Delta Electronics CNCSoft-G2 Version 2.1.0.16 and prior lacks proper \nvalidation of the length of user-supplied data prior to copying it to a \nfixed-length heap-based buffer. If a target visits a malicious page or \nopens a malicious file an attacker can leverage this vulnerability to \nexecute code in the context of the current process." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-122 Heap-based Buffer Overflow", - "cweId": "CWE-122" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Delta Electronics", - "product": { - "product_data": [ - { - "product_name": "CNCSoft-G2", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "2.1.0.16" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01", - "refsource": "MISC", - "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01" - }, - { - "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf", - "refsource": "MISC", - "name": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf" - }, - { - "url": "https://downloadcenter.delta-china.com.cn/zh-CN/DownloadCenter?v=1&q=cncsoft&sort_expr=cdate&sort_dir=DESC", - "refsource": "MISC", - "name": "https://downloadcenter.delta-china.com.cn/zh-CN/DownloadCenter?v=1&q=cncsoft&sort_expr=cdate&sort_dir=DESC" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "advisory": "ICSA-24-191-01", - "discovery": "EXTERNAL" - }, 
- "work_around": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "
\n

Delta also recommends the following general security practices:

\n\n

If you have any product-related support concerns, please find a contact from Delta's portal page to reach them for any information or materials you may require.\n\n
\n

Delta has published Delta-PCSA-2025-00002 in both English and Chinese on their security website to provide more details about these issues.\n\n
" - } - ], - "value": "Delta also recommends the following general security practices:\n\n\n\n * Don't click on untrusted Internet links or open unsolicited attachments in emails.\n\n * Avoid exposing control systems and equipment to the Internet.\n\n * Place systems and devices behind a firewall and isolate them from the business network.\n\n * When remote access is required, use a secure access method, such as a virtual private network (VPN).\n\n\n\n\nIf you have any product-related support concerns, please find a contact from Delta's portal page https://www.deltaww.com/en-US/Customer-Service to reach them for any information or materials you may require.\n\n\n\n\n\n\n\nDelta has published Delta-PCSA-2025-00002 https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf in both English and Chinese on their security website to provide more details about these issues." - } - ], - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "
Delta Electronics recommends users update to CNCSoft-G2 V2.1.0.10 or later.

\nDelta has published Delta-PCSA-2025-00002 in both English and Chinese on their security website to provide more details about these issues.\n\n
\n\n
" - } - ], - "value": "Delta Electronics recommends users update to CNCSoft-G2 V2.1.0.10 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later.\n\n\n\n\n\nDelta has published Delta-PCSA-2025-00002 https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v2.pdf in both English and Chinese on their security website to provide more details about these issues." - } - ], - "credits": [ - { - "lang": "en", - "value": "Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative reported these vulnerabilities to CISA." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\n*** Duplicate of \nCVE-2025-22880\n\n***" } ] } diff --git a/2024/13xxx/CVE-2024-13553.json b/2024/13xxx/CVE-2024-13553.json index 338f18951fc..590e1554630 100644 --- a/2024/13xxx/CVE-2024-13553.json +++ b/2024/13xxx/CVE-2024-13553.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13553", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code \"1234\" and authenticate as any user, including administrators." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", + "cweId": "CWE-288" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cozyvision1", + "product": { + "product_data": [ + { + "product_name": "SMS Alert Order Notifications \u2013 WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.7.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e444a30-11c5-4219-b4fe-635084cbac3a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e444a30-11c5-4219-b4fe-635084cbac3a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3248017%40sms-alert&new=3248017%40sms-alert&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3248017%40sms-alert&new=3248017%40sms-alert&sfp_email=&sfph_mail=" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3227241%40sms-alert&new=3227241%40sms-alert&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3227241%40sms-alert&new=3227241%40sms-alert&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lucio S\u00e1" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2024/13xxx/CVE-2024-13567.json b/2024/13xxx/CVE-2024-13567.json index dcbe2ea9c10..9fe545a26a3 100644 --- a/2024/13xxx/CVE-2024-13567.json 
+++ b/2024/13xxx/CVE-2024-13567.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the 'awesome-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/awesome-support directory which can contain file attachments included in support tickets. The vulnerability was partially patched in version 6.3.1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "awesomesupport", + "product": { + "product_data": [ + { + "product_name": "Awesome Support \u2013 WordPress HelpDesk & Support Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "6.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24c54ef5-ad02-4767-bca6-f74c539d3068?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24c54ef5-ad02-4767-bca6-f74c539d3068?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/file-uploader/class-file-uploader.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/file-uploader/class-file-uploader.php" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3250497/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3250497/" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3262629/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3262629/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Tim Coen" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2024/13xxx/CVE-2024-13637.json b/2024/13xxx/CVE-2024-13637.json index ab3126b9f72..27c954ff5fe 100644 --- a/2024/13xxx/CVE-2024-13637.json +++ b/2024/13xxx/CVE-2024-13637.json 
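Review bot: This record gives consumers no fixed version. `version_data` marks everything `<=` 6.3.1 as affected, and the description says the issue was only "partially patched in version 6.3.1". Two changesets are referenced, but nothing in the hunk says which release, if any, completes the fix, so version-based scanners will keep flagging every install. The description should end with an explicit statement such as `The vulnerability was partially patched in version 6.3.1 and fully patched in version <FIXED_VERSION>.` (placeholder, to be filled in by the CNA). Until then, direct web access to the `/wp-content/uploads/awesome-support` directory named in the description is the thing to restrict and monitor.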
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins.." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "romik84", + "product": { + "product_data": [ + { + "product_name": "Demo Awesome", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a552f81-b222-46f0-b318-702e09d249c1?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a552f81-b222-46f0-b318-702e09d249c1?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/demo-awesome/trunk/inc/admin/js/admin.js#L1684", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/demo-awesome/trunk/inc/admin/js/admin.js#L1684" + }, + { + "url": 
"https://wordpress.org/plugins/demo-awesome/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/demo-awesome/#developers" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/demo-awesome/trunk/inc/admin/class-demo-awesome-admin.php#L407", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/demo-awesome/trunk/inc/admin/class-demo-awesome-admin.php#L407" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/21xxx/CVE-2025-21945.json b/2025/21xxx/CVE-2025-21945.json index 5c24ff24384..571c853377e 100644 --- a/2025/21xxx/CVE-2025-21945.json +++ b/2025/21xxx/CVE-2025-21945.json 
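Review bot: The CVSS vector in `impact.cvss[0]` scores only an integrity impact (`C:N/I:H/A:N`, 6.5), while the description says a Subscriber-level user can install and activate arbitrary plugins. If that reading is right, confidentiality and availability would normally be affected as well, so teams triaging on `baseScore` alone may under-rank this record. The vector comes from the CNA and cannot be checked from this hunk, so this is a question for the assigner rather than a correction. Separately, the description ends with a doubled full stop and should end `arbitrary plugins."`.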
@@ -1,18 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21945", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in smb2_lock\n\nIf smb_lock->zero_len has value, ->llist of smb_lock is not delete and\nflock is old one. It will cause use-after-free on error handling\nroutine." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0626e6641f6b467447c81dd7678a69c66f7746cf", + "version_value": "410ce35a2ed6d0e114132bba29af49b69880c8c7" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.15", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.15", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.131", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.83", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.19", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.7", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + 
"versionType": "semver" + }, + { + "version": "6.14", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/410ce35a2ed6d0e114132bba29af49b69880c8c7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/410ce35a2ed6d0e114132bba29af49b69880c8c7" + }, + { + "url": "https://git.kernel.org/stable/c/8573571060ca466cbef2c6f03306b2cc7b883506", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8573571060ca466cbef2c6f03306b2cc7b883506" + }, + { + "url": "https://git.kernel.org/stable/c/a0609097fd10d618aed4864038393dd75131289e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a0609097fd10d618aed4864038393dd75131289e" + }, + { + "url": "https://git.kernel.org/stable/c/636e021646cf9b52ddfea7c809b018e91f2188cb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/636e021646cf9b52ddfea7c809b018e91f2188cb" + }, + { + "url": "https://git.kernel.org/stable/c/84d2d1641b71dec326e8736a749b7ee76a9599fc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/84d2d1641b71dec326e8736a749b7ee76a9599fc" + } + ] + }, + "generator": { + "engine": "bippy-7c5fe7eed585" } } \ No newline at end of file diff --git a/2025/21xxx/CVE-2025-21966.json b/2025/21xxx/CVE-2025-21966.json index c457c4b4389..a5b647affa5 100644 --- a/2025/21xxx/CVE-2025-21966.json +++ b/2025/21xxx/CVE-2025-21966.json 
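Review bot: `problemtype` is `n/a` and the record has no `impact` block, even though the description names the defect class, a use-after-free in `smb2_lock`. Consumers that filter or route on `cweId` or on a CVSS score get nothing from this record and must fall back to the description and the `x_cve_json_5_version_data` ranges. If a classification is wanted, the description supports `"value": "CWE-416 Use After Free", "cweId": "CWE-416"`. The CVE-2025-21966 hunk that follows has the same `n/a` problemtype and no `impact` block for a memory-corruption fix.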
@@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21966", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-flakey: Fix memory corruption in optional corrupt_bio_byte feature\n\nFix memory corruption due to incorrect parameter being passed to bio_init" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1d9a943898533e83f20370c0e1448d606627522e", + "version_value": "818330f756f3800c37d738bd36bce60eac949938" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.5", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.5", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.84", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.20", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.8", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + 
"defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/818330f756f3800c37d738bd36bce60eac949938", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/818330f756f3800c37d738bd36bce60eac949938" + }, + { + "url": "https://git.kernel.org/stable/c/5a87e46da2418c57b445371f5ca0958d5779ba5f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5a87e46da2418c57b445371f5ca0958d5779ba5f" + }, + { + "url": "https://git.kernel.org/stable/c/da070843e153471be4297a12fdaa64023276f40e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/da070843e153471be4297a12fdaa64023276f40e" + }, + { + "url": "https://git.kernel.org/stable/c/57e9417f69839cb10f7ffca684c38acd28ceb57b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/57e9417f69839cb10f7ffca684c38acd28ceb57b" + } + ] + }, + "generator": { + "engine": "bippy-7c5fe7eed585" } } \ No newline at end of file diff --git a/2025/29xxx/CVE-2025-29063.json b/2025/29xxx/CVE-2025-29063.json index 76500fe858c..c8fbebc870f 100644 --- a/2025/29xxx/CVE-2025-29063.json +++ b/2025/29xxx/CVE-2025-29063.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-29063", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-29063", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.yuque.com/jichujiliangdanwei/vwbq9e/ux1426h170rhgfn7", + "url": "https://www.yuque.com/jichujiliangdanwei/vwbq9e/ux1426h170rhgfn7" + }, + { + "url": "https://www.yuque.com/jichujiliangdanwei/vwbq9e/grfgkm2kvk6btwbp", + "refsource": "MISC", + "name": "https://www.yuque.com/jichujiliangdanwei/vwbq9e/grfgkm2kvk6btwbp" } ] } diff --git a/2025/29xxx/CVE-2025-29085.json b/2025/29xxx/CVE-2025-29085.json index cc58efd7b43..5f1137ff0f0 100644 --- a/2025/29xxx/CVE-2025-29085.json +++ b/2025/29xxx/CVE-2025-29085.json 
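Review bot: The `affects` block is filled with `n/a` for vendor, product and version even though the description names the product and version range (`BL-AC2100 V1.0.4 and before`). Any tool that matches on `product_name` or `version_value` therefore cannot tie this record to an asset, and `problemtype` is `n/a` as well. The description is also ungrammatical; `... to execute arbitrary code because the enable parameter passed to /goform/set_hidessid_cfg is not handled properly.` reads correctly. The CVE-2025-29085 hunk that follows has the same `n/a` affects and problemtype, although its description opens with "SQL injection vulnerability", which maps to CWE-89.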
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-29085", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-29085", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/Cafe-Tea/bcef0d7a2bdb5ec8e0d69de852fdc900", + "url": "https://gist.github.com/Cafe-Tea/bcef0d7a2bdb5ec8e0d69de852fdc900" } ] } diff --git a/2025/29xxx/CVE-2025-29868.json b/2025/29xxx/CVE-2025-29868.json index a88649558d7..b022e895723 100644 --- a/2025/29xxx/CVE-2025-29868.json +++ b/2025/29xxx/CVE-2025-29868.json 
@@ -1,18 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-29868", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Private Data Structure Returned From A Public Method vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.4.2.\n\nIf a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the ip address of that accessing user.\nUsers are recommended to upgrade to version 1.4.5, which fixes the issue.\u00a0In the new version, administrators can set whether external content can be displayed." 
} ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-495 Private Data Structure Returned From A Public Method", + "cweId": "CWE-495" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Answer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/l7pohw5g03g3qsvrz8pqc9t29mdv5lhf", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/l7pohw5g03g3qsvrz8pqc9t29mdv5lhf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Hamed Kohi" + }, + { + "lang": "en", + "value": "Luke Smith" + } + ] } \ No newline at end of file diff --git a/2025/29xxx/CVE-2025-29908.json b/2025/29xxx/CVE-2025-29908.json index b4f5e0ebe08..36b353f6098 100644 --- a/2025/29xxx/CVE-2025-29908.json +++ b/2025/29xxx/CVE-2025-29908.json 
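Review bot: The affected range and the fix version leave a gap. `version_data` and the description say the issue affects Apache Answer through 1.4.2 (`"version_affected": "<="`, `"version_value": "1.4.2"`), while the description tells users to upgrade to 1.4.5. The record does not say whether 1.4.3 and 1.4.4 are affected, so a scanner driven by `version_data` would report them as clean although the text implies the fix first ships in 1.4.5. Presumably either the bound should be `1.4.4` or those versions were never released; this is worth confirming against the linked list thread. The hunk also carries no `impact` block, so there is no severity to sort on.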
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-29908", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability (in the hash map used to manage connections) allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs). This vulnerability is fixed in 0.0.71.Final." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-407: Inefficient Algorithmic Complexity", + "cweId": "CWE-407" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "netty", + "product": { + "product_data": [ + { + "product_name": "netty-incubator-codec-quic", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.0.71.Final" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/netty/netty-incubator-codec-quic/security/advisories/GHSA-hqqc-jr88-p6x2", + "refsource": "MISC", + "name": "https://github.com/netty/netty-incubator-codec-quic/security/advisories/GHSA-hqqc-jr88-p6x2" + }, + { + "url": "https://github.com/netty/netty-incubator-codec-quic/commit/e059bd9b78723f8b035e0c547e42ce263f03461c", + "refsource": "MISC", + "name": 
"https://github.com/netty/netty-incubator-codec-quic/commit/e059bd9b78723f8b035e0c547e42ce263f03461c" + }, + { + "url": "https://github.com/ncc-pbottine/QUIC-Hash-Dos-Advisory", + "refsource": "MISC", + "name": "https://github.com/ncc-pbottine/QUIC-Hash-Dos-Advisory" + } + ] + }, + "source": { + "advisory": "GHSA-hqqc-jr88-p6x2", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2025/29xxx/CVE-2025-29929.json b/2025/29xxx/CVE-2025-29929.json index 5d7cd038585..8c359a5a91d 100644 --- a/2025/29xxx/CVE-2025-29929.json +++ b/2025/29xxx/CVE-2025-29929.json 
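Review bot: The version range is packed into the value string instead of the operator: `"version_affected": "="` with `"version_value": "< 0.0.71.Final"`. A consumer that honours `version_affected` will test for equality with the literal string `< 0.0.71.Final` and never match a real version; only a parser that knows this convention recovers the range. Writing it as `"version_affected": "<", "version_value": "0.0.71.Final"` keeps it machine-readable. The CVE-2025-29929 hunk further down uses the same form (`"< 16.5.99.1742306712"`). That hunk also lists only the Community Edition bound, although its description names fixed Enterprise Edition builds 16.5-5 and 16.4-8 too.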
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-29929", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742306712 and Tuleap Enterprise Edition 16.5-5 and 16.4-8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Enalean", + "product": { + "product_data": [ + { + "product_name": "tuleap", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 16.5.99.1742306712" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-hqqr-p5f6-26vv", + "refsource": "MISC", + "name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-hqqr-p5f6-26vv" + }, + { + "url": "https://github.com/Enalean/tuleap/commit/dce61747f3a169da1f6b585ad5e6e0847fa3c950", + "refsource": "MISC", + "name": "https://github.com/Enalean/tuleap/commit/dce61747f3a169da1f6b585ad5e6e0847fa3c950" + }, + { + "url": 
"https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=dce61747f3a169da1f6b585ad5e6e0847fa3c950", + "refsource": "MISC", + "name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=dce61747f3a169da1f6b585ad5e6e0847fa3c950" + }, + { + "url": "https://tuleap.net/plugins/tracker/?aid=42231", + "refsource": "MISC", + "name": "https://tuleap.net/plugins/tracker/?aid=42231" + } + ] + }, + "source": { + "advisory": "GHSA-hqqr-p5f6-26vv", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2025/29xxx/CVE-2025-29981.json b/2025/29xxx/CVE-2025-29981.json index e2ea76ca4cb..1923a5151c7 100644 --- a/2025/29xxx/CVE-2025-29981.json +++ b/2025/29xxx/CVE-2025-29981.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-29981", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-202: Exposure of Sensitive Information Through Data Queries", + "cweId": "CWE-202" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "Wyse Management Suite", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "N/A", + "version_value": "5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Dell would like to thank coolz0r for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/2xxx/CVE-2025-2963.json b/2025/2xxx/CVE-2025-2963.json index ad9e4fb43ed..4bf619896eb 100644 --- a/2025/2xxx/CVE-2025-2963.json +++ b/2025/2xxx/CVE-2025-2963.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2025-2963", - "ASSIGNER": "cna@vuldb.com", + "ASSIGNER": "security@concretecms.org", "STATE": "PUBLIC" }, "description": { diff --git a/2025/2xxx/CVE-2025-2964.json b/2025/2xxx/CVE-2025-2964.json index 7a9e337b219..5580aaf58b2 100644 --- a/2025/2xxx/CVE-2025-2964.json +++ b/2025/2xxx/CVE-2025-2964.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2025-2964", - "ASSIGNER": "cna@vuldb.com", + "ASSIGNER": "security@concretecms.org", "STATE": "PUBLIC" }, "description": { diff --git a/2025/2xxx/CVE-2025-2965.json b/2025/2xxx/CVE-2025-2965.json index 5abb84cd86e..e86f65dc740 100644 --- a/2025/2xxx/CVE-2025-2965.json +++ b/2025/2xxx/CVE-2025-2965.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2025-2965", - "ASSIGNER": "cna@vuldb.com", + "ASSIGNER": "security@concretecms.org", "STATE": "PUBLIC" }, "description": { diff --git a/2025/2xxx/CVE-2025-2982.json b/2025/2xxx/CVE-2025-2982.json index 606947071f1..03b787b3073 100644 --- a/2025/2xxx/CVE-2025-2982.json +++ b/2025/2xxx/CVE-2025-2982.json 
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2982", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in Legrand SMS PowerView 1.x. Affected is an unknown function. The manipulation of the argument redirect leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Legrand SMS PowerView 1.x gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf. Durch das Manipulieren des Arguments redirect mit unbekannten Daten kann eine file inclusion-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File Inclusion", + "cweId": "CWE-73" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Legrand", + "product": { + "product_data": [ + { + "product_name": "SMS PowerView", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.x" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302034", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302034" + }, + { + "url": "https://vuldb.com/?ctiid.302034", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302034" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/2xxx/CVE-2025-2983.json b/2025/2xxx/CVE-2025-2983.json index 8b1aa4a4b53..40b90f4bebb 100644 --- a/2025/2xxx/CVE-2025-2983.json +++ b/2025/2xxx/CVE-2025-2983.json 
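Review bot: The `version_data` entry uses `"version_affected": "="` with `"version_value": "1.x"`, a wildcard written as an exact version, so tools that compare installed versions by equality will not match any real SMS PowerView release. The CVE-2025-2983 hunk carries the same entry. A bounded range, as in the CVE-2025-29981 record (`"version_affected": "<"`), would be matchable, but the bound is not given on this page. Separately, the description says "classified as critical" while `baseSeverity` is `MEDIUM` (6.3). The same gap between wording and score appears in the other VulDB-assigned records in this chunk (CVE-2025-2983 through CVE-2025-2985 and CVE-2025-2989 through CVE-2025-2994), so triage should key on `impact.cvss` rather than the prose.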
@@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2983", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Legrand SMS PowerView 1.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument redirect leads to os command injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Legrand SMS PowerView 1.x wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion. Durch Manipulieren des Arguments redirect mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection", + "cweId": "CWE-78" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Command Injection", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Legrand", + "product": { + "product_data": [ + { + "product_name": "SMS PowerView", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.x" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302035", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302035" + }, + { + "url": "https://vuldb.com/?ctiid.302035", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302035" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/2xxx/CVE-2025-2984.json b/2025/2xxx/CVE-2025-2984.json index 80053c1130e..dd586184240 100644 --- a/2025/2xxx/CVE-2025-2984.json +++ b/2025/2xxx/CVE-2025-2984.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2984", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /delete.php. The manipulation of the argument emp_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in code-projects Payroll Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /delete.php. Durch das Beeinflussen des Arguments emp_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "code-projects", + "product": { + "product_data": [ + { + "product_name": "Payroll Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302036", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302036" + }, + { + "url": "https://vuldb.com/?ctiid.302036", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302036" + }, + { + "url": "https://vuldb.com/?submit.523343", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.523343" + }, + { + "url": "https://github.com/LispTexd/cve/blob/main/cve.md", + "refsource": "MISC", + "name": "https://github.com/LispTexd/cve/blob/main/cve.md" + }, + { + "url": "https://code-projects.org/", + "refsource": "MISC", + "name": "https://code-projects.org/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "LispTex (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/2xxx/CVE-2025-2985.json b/2025/2xxx/CVE-2025-2985.json index 913fd51c1d5..f84f77ed075 100644 --- a/2025/2xxx/CVE-2025-2985.json +++ b/2025/2xxx/CVE-2025-2985.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2985", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. This affects an unknown part of the file update_account.php. The manipulation of the argument deduction leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in code-projects Payroll Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei update_account.php. Durch Beeinflussen des Arguments deduction mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "code-projects", + "product": { + "product_data": [ + { + "product_name": "Payroll Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302037", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302037" + }, + { + "url": "https://vuldb.com/?ctiid.302037", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302037" + }, + { + "url": "https://vuldb.com/?submit.523344", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.523344" + }, + { + "url": "https://github.com/LeoWSY-hashblue/cve2/blob/main/cve.md", + "refsource": "MISC", + "name": "https://github.com/LeoWSY-hashblue/cve2/blob/main/cve.md" + }, + { + "url": "https://code-projects.org/", + "refsource": "MISC", + "name": "https://code-projects.org/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "NeoWSY (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/2xxx/CVE-2025-2989.json b/2025/2xxx/CVE-2025-2989.json index e1d4068e08b..060bfa0986e 100644 --- a/2025/2xxx/CVE-2025-2989.json +++ b/2025/2xxx/CVE-2025-2989.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2989", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/AdvSetWrl of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In Tenda FH1202 1.2.0.14(408) wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /goform/AdvSetWrl der Komponente Web Management Interface. Dank der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1202", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0.14(408)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302038", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302038" + }, + { + "url": "https://vuldb.com/?ctiid.302038", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302038" + }, + { + "url": "https://vuldb.com/?submit.523402", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.523402" + }, + { + "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrl-1bc53a41781f8011b0b4d3d65cacc82f?pvs=4", + "refsource": "MISC", + "name": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrl-1bc53a41781f8011b0b4d3d65cacc82f?pvs=4" + }, + { + "url": "https://www.tenda.com.cn/", + "refsource": "MISC", + "name": "https://www.tenda.com.cn/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_mie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2025/2xxx/CVE-2025-2990.json b/2025/2xxx/CVE-2025-2990.json index 8ce547e9270..81ec0abb2b4 100644 --- a/2025/2xxx/CVE-2025-2990.json 
+++ b/2025/2xxx/CVE-2025-2990.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2990", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /goform/AdvSetWrlGstset der Komponente Web Management Interface. Dank Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1202", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0.14(408)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302039", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302039" + }, + { + "url": "https://vuldb.com/?ctiid.302039", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302039" + }, + { + "url": "https://vuldb.com/?submit.523404", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.523404" + }, + { + "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrlGstset-1bc53a41781f8057a621c3def0a56069?pvs=4", + "refsource": "MISC", + "name": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrlGstset-1bc53a41781f8057a621c3def0a56069?pvs=4" + }, + { + "url": "https://www.tenda.com.cn/", + "refsource": "MISC", + "name": "https://www.tenda.com.cn/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_tu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2025/2xxx/CVE-2025-2991.json b/2025/2xxx/CVE-2025-2991.json index 62a8f030164..230f177366e 100644 
--- a/2025/2xxx/CVE-2025-2991.json +++ b/2025/2xxx/CVE-2025-2991.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2991", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14(408) entdeckt. Es betrifft eine unbekannte Funktion der Datei /goform/AdvSetWrlmacfilter der Komponente Web Management Interface. Mit der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1202", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0.14(408)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302040", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302040" + }, + { + "url": "https://vuldb.com/?ctiid.302040", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302040" + }, + { + "url": "https://vuldb.com/?submit.523412", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.523412" + }, + { + "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrlmacfilter-1bc53a41781f807d97f3d01957f442a0?pvs=4", + "refsource": "MISC", + "name": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrlmacfilter-1bc53a41781f807d97f3d01957f442a0?pvs=4" + }, + { + "url": "https://www.tenda.com.cn/", + "refsource": "MISC", + "name": "https://www.tenda.com.cn/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2025/2xxx/CVE-2025-2992.json b/2025/2xxx/CVE-2025-2992.json index 448edc9ff3e..e211e7957dd 100644 
--- a/2025/2xxx/CVE-2025-2992.json +++ b/2025/2xxx/CVE-2025-2992.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2992", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In Tenda FH1202 1.2.0.14(408) wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /goform/AdvSetWrlsafeset der Komponente Web Management Interface. Durch die Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1202", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0.14(408)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302041", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302041" + }, + { + "url": "https://vuldb.com/?ctiid.302041", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302041" + }, + { + "url": "https://vuldb.com/?submit.523413", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.523413" + }, + { + "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrlsafeset-1bc53a41781f809bb808deffc226401d?pvs=4", + "refsource": "MISC", + "name": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrlsafeset-1bc53a41781f809bb808deffc226401d?pvs=4" + }, + { + "url": "https://www.tenda.com.cn/", + "refsource": "MISC", + "name": "https://www.tenda.com.cn/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_tutu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2025/2xxx/CVE-2025-2993.json b/2025/2xxx/CVE-2025-2993.json index a23bf9fa047..8ad5d138a67 100644 
--- a/2025/2xxx/CVE-2025-2993.json +++ b/2025/2xxx/CVE-2025-2993.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2993", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) entdeckt. Dies betrifft einen unbekannten Teil der Datei /default.cfg. Durch Manipulation des Arguments these mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1202", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0.14(408)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302042", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302042" + }, + { + "url": "https://vuldb.com/?ctiid.302042", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302042" + }, + { + "url": "https://vuldb.com/?submit.523416", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.523416" + }, + { + "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-default-cfg-1bc53a41781f806d8016cd4e73ca4d6f?pvs=4", + "refsource": "MISC", + "name": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-default-cfg-1bc53a41781f806d8016cd4e73ca4d6f?pvs=4" + }, + { + "url": "https://www.tenda.com.cn/", + "refsource": "MISC", + "name": "https://www.tenda.com.cn/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_mie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ] } diff --git a/2025/2xxx/CVE-2025-2994.json b/2025/2xxx/CVE-2025-2994.json index 2fb1f80b87b..11cb62e10c8 100644 
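Review bot: The English description reads "The manipulation of the argument these leads to improper access controls", and `these` looks like a leftover word from the submission rather than a parameter name. The German text repeats it ("des Arguments these"). This is also the only Tenda FH1202 record in this chunk whose vector is `C:L/I:N`, for a request to `/default.cfg`. That reads more like an information exposure than the `CWE-284`/`CWE-266` labels it shares with its siblings, though this is inferred from the vector and not stated in the record. Both points are worth confirming against the referenced write-up before the record is used for detection or prioritisation.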
--- a/2025/2xxx/CVE-2025-2994.json +++ b/2025/2xxx/CVE-2025-2994.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2994", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14(408) gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei /goform/qossetting der Komponente Web Management Interface. Mittels dem Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1202", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0.14(408)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302043", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302043" + }, + { + "url": "https://vuldb.com/?ctiid.302043", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302043" + }, + { + "url": "https://vuldb.com/?submit.523417", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.523417" + }, + { + "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-qossetting-1bc53a41781f80a2aa2fde152bf948b5?pvs=4", + "refsource": "MISC", + "name": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-qossetting-1bc53a41781f80a2aa2fde152bf948b5?pvs=4" + }, + { + "url": "https://www.tenda.com.cn/", + "refsource": "MISC", + "name": "https://www.tenda.com.cn/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_mie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2025/2xxx/CVE-2025-2995.json b/2025/2xxx/CVE-2025-2995.json index 202fa34e42b..d238f60ff4f 100644 
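Review bot: The English `description` value in the CVE-2025-2994 hunk says the issue was "classified as critical", but both CVSS 3.x entries under `impact.cvss` in the same record carry `"baseSeverity": "MEDIUM"` (5.3). The same free-text label against a MEDIUM score appears in the hunks for CVE-2025-2995, CVE-2025-2996, CVE-2025-2997 and CVE-2025-2998. Anyone triaging from the sentence alone will over-rank these, so severity should be taken from the vector (`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N` here) and the description would read better without the "critical" wording. These records also tag descriptions with `"lang": "eng"` and credits with `"lang": "en"`, so a consumer that filters by language has to accept both forms.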
--- a/2025/2xxx/CVE-2025-2995.json +++ b/2025/2xxx/CVE-2025-2995.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2995", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In Tenda FH1202 1.2.0.14(408) wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /goform/SysToolChangePwd der Komponente Web Management Interface. Mittels Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1202", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0.14(408)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302044", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302044" + }, + { + "url": "https://vuldb.com/?ctiid.302044", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302044" + }, + { + "url": "https://vuldb.com/?submit.523418", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.523418" + }, + { + "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-SysToolChangePwd-1bc53a41781f809b95a4efb617090d3c?pvs=4", + "refsource": "MISC", + "name": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-SysToolChangePwd-1bc53a41781f809b95a4efb617090d3c?pvs=4" + }, + { + "url": "https://www.tenda.com.cn/", + "refsource": "MISC", + "name": "https://www.tenda.com.cn/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_backup (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2025/2xxx/CVE-2025-2996.json b/2025/2xxx/CVE-2025-2996.json index 5c0a876e2d7..927eaa90bee 100644 
--- a/2025/2xxx/CVE-2025-2996.json +++ b/2025/2xxx/CVE-2025-2996.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2996", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) gefunden. Davon betroffen ist unbekannter Code der Datei /goform/SysToolDDNS der Komponente Web Management Interface. Durch das Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1202", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0.14(408)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302045", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302045" + }, + { + "url": "https://vuldb.com/?ctiid.302045", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302045" + }, + { + "url": "https://vuldb.com/?submit.523419", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.523419" + }, + { + "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-SysToolDDNS-1bc53a41781f8012a03be8bebed1125b?pvs=4", + "refsource": "MISC", + "name": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-SysToolDDNS-1bc53a41781f8012a03be8bebed1125b?pvs=4" + }, + { + "url": "https://www.tenda.com.cn/", + "refsource": "MISC", + "name": "https://www.tenda.com.cn/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2025/2xxx/CVE-2025-2997.json b/2025/2xxx/CVE-2025-2997.json index cf9bf655981..d16ca2b1162 100644 --- a/2025/2xxx/CVE-2025-2997.json 
+++ b/2025/2xxx/CVE-2025-2997.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2997", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been classified as critical. Affected is an unknown function of the file /res/url. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in zhangyanbo2007 youkefu 4.2.0 ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei /res/url. Durch Manipulieren des Arguments url mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zhangyanbo2007", + "product": { + "product_data": [ + { + "product_name": "youkefu", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302046", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302046" + }, + { + "url": "https://vuldb.com/?ctiid.302046", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302046" + }, + { + "url": "https://vuldb.com/?submit.524009", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.524009" + }, + { + "url": "https://github.com/exp3n5ive/Vul/blob/main/youkefu/youkefu.pdf", + "refsource": "MISC", + "name": "https://github.com/exp3n5ive/Vul/blob/main/youkefu/youkefu.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "exp3n5ive (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/2xxx/CVE-2025-2998.json b/2025/2xxx/CVE-2025-2998.json index 037e5cf0641..f1c879c1564 100644 --- a/2025/2xxx/CVE-2025-2998.json +++ b/2025/2xxx/CVE-2025-2998.json 
@@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In PyTorch 2.6.0 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist die Funktion torch.nn.utils.rnn.pad_packed_sequence. Durch das Beeinflussen mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "PyTorch", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.302047", + "refsource": "MISC", + "name": "https://vuldb.com/?id.302047" + }, + { + "url": "https://vuldb.com/?ctiid.302047", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.302047" + }, + { + "url": "https://vuldb.com/?submit.524151", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.524151" + }, + { + "url": "https://github.com/pytorch/pytorch/issues/149622", + "refsource": "MISC", + "name": "https://github.com/pytorch/pytorch/issues/149622" + }, + { + "url": "https://github.com/pytorch/pytorch/issues/149622#issue-2935495265", + "refsource": "MISC", + "name": "https://github.com/pytorch/pytorch/issues/149622#issue-2935495265" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Default436352 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.3, + "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/30xxx/CVE-2025-30892.json b/2025/30xxx/CVE-2025-30892.json index ae6fcd79696..e59f63b99f1 100644 --- a/2025/30xxx/CVE-2025-30892.json +++ b/2025/30xxx/CVE-2025-30892.json 
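Review bot: `"vendor_name": "n/a"` in the CVE-2025-2998 hunk leaves the PyTorch record without a vendor, so inventory matching that keys on vendor plus product will not hit it. Until the CNA populates the field, match on `"product_name": "PyTorch"` and `"version_value": "2.6.0"` instead. The record lists a single `"version_affected": "="` entry and has no fixed version or `solution` block, so it cannot by itself tell you whether other releases are affected. The referenced issue `https://github.com/pytorch/pytorch/issues/149622` is the place to confirm that.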
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30892", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization of Untrusted Data vulnerability in magepeopleteam WpTravelly allows Object Injection. This issue affects WpTravelly: from n/a through 1.8.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "magepeopleteam", + "product": { + "product_data": [ + { + "product_name": "WpTravelly", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.8.7", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.8.8", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/tour-booking-manager/vulnerability/wordpress-wptravelly-plugin-1-8-7-php-object-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/tour-booking-manager/vulnerability/wordpress-wptravelly-plugin-1-8-7-php-object-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": 
"EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WpTravelly plugin to the latest available version (at least 1.8.8)." + } + ], + "value": "Update the WordPress WpTravelly plugin to the latest available version (at least 1.8.8)." + } + ], + "credits": [ + { + "lang": "en", + "value": "LVT-tholv2k (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30901.json b/2025/30xxx/CVE-2025-30901.json index 29b845ee96e..079c1aeeba2 100644 --- a/2025/30xxx/CVE-2025-30901.json +++ b/2025/30xxx/CVE-2025-30901.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30901", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk allows PHP Local File Inclusion. This issue affects JS Help Desk: from n/a through 2.9.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + "cweId": "CWE-98" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JoomSky", + "product": { + "product_data": [ + { + "product_name": "JS Help Desk", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.9.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.9.3", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-2-local-file-inclusion-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-2-local-file-inclusion-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress JS Help Desk plugin to the latest available version (at least 2.9.3)." + } + ], + "value": "Update the WordPress JS Help Desk plugin to the latest available version (at least 2.9.3)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 8.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30902.json b/2025/30xxx/CVE-2025-30902.json index abbcc1f71e5..efe96970c59 100644 --- a/2025/30xxx/CVE-2025-30902.json +++ b/2025/30xxx/CVE-2025-30902.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30902", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ATL Software SRL AEC Kiosque allows Reflected XSS. This issue affects AEC Kiosque: from n/a through 1.9.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ATL Software SRL", + "product": { + "product_data": [ + { + "product_name": "AEC Kiosque", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.9.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.9.4", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/aec-kiosque/vulnerability/wordpress-aec-kiosque-plugin-1-9-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/wordpress/plugin/aec-kiosque/vulnerability/wordpress-aec-kiosque-plugin-1-9-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress AEC Kiosque plugin to the latest available version (at least 1.9.4)." + } + ], + "value": "Update the WordPress AEC Kiosque plugin to the latest available version (at least 1.9.4)." + } + ], + "credits": [ + { + "lang": "en", + "value": "stealthcopter (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30905.json b/2025/30xxx/CVE-2025-30905.json index a471505b014..6d9640c5631 100644 --- a/2025/30xxx/CVE-2025-30905.json +++ b/2025/30xxx/CVE-2025-30905.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30905", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.4.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ays Pro", + "product": { + "product_data": [ + { + "product_name": "Secure Copy Content Protection and Content Locking", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "4.4.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "4.4.5", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/secure-copy-content-protection/vulnerability/wordpress-secure-copy-content-protection-and-content-locking-plugin-4-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/wordpress/plugin/secure-copy-content-protection/vulnerability/wordpress-secure-copy-content-protection-and-content-locking-plugin-4-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version (at least 4.4.5)." + } + ], + "value": "Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version (at least 4.4.5)." + } + ], + "credits": [ + { + "lang": "en", + "value": "astra.r3verii (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30906.json b/2025/30xxx/CVE-2025-30906.json index 27e436819bd..f34fba93d78 100644 --- a/2025/30xxx/CVE-2025-30906.json +++ b/2025/30xxx/CVE-2025-30906.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30906", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coffee Code Tech Plugin Oficial \u2013 Getnet para WooCommerce allows Reflected XSS. This issue affects Plugin Oficial \u2013 Getnet para WooCommerce: from n/a through 1.7.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Coffee Code Tech", + "product": { + "product_data": [ + { + "product_name": "Plugin Oficial \u2013 Getnet para WooCommerce", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.7.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.8.0", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wc-checkout-getnet/vulnerability/wordpress-plugin-oficial-getnet-para-woocommerce-plugin-1-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/wordpress/plugin/wc-checkout-getnet/vulnerability/wordpress-plugin-oficial-getnet-para-woocommerce-plugin-1-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Plugin Oficial \u2013 Getnet para WooCommerce plugin to the latest available version (at least 1.8.0)." + } + ], + "value": "Update the WordPress Plugin Oficial \u2013 Getnet para WooCommerce plugin to the latest available version (at least 1.8.0)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30910.json b/2025/30xxx/CVE-2025-30910.json index 3d7a221b5d2..062671c0e98 100644 --- a/2025/30xxx/CVE-2025-30910.json +++ b/2025/30xxx/CVE-2025-30910.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30910", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CreativeMindsSolutions CM Download Manager allows Path Traversal. This issue affects CM Download Manager: from n/a through 2.9.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CreativeMindsSolutions", + "product": { + "product_data": [ + { + "product_name": "CM Download Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.9.6", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.0.0", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/cm-download-manager/vulnerability/wordpress-cm-download-manager-plugin-2-9-6-arbitrary-file-deletion-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/wordpress/plugin/cm-download-manager/vulnerability/wordpress-cm-download-manager-plugin-2-9-6-arbitrary-file-deletion-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress CM Download Manager plugin to the latest available version (at least 3.0.0)." + } + ], + "value": "Update the WordPress CM Download Manager plugin to the latest available version (at least 3.0.0)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 8.6, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30911.json b/2025/30xxx/CVE-2025-30911.json index c9fda550bdc..aebe2544f9d 100644 --- a/2025/30xxx/CVE-2025-30911.json +++ b/2025/30xxx/CVE-2025-30911.json 
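Review bot: The `description` value names only the weakness class ("allows Path Traversal") and never states the impact, while the `impact.cvss` block scores `C:N/I:N/A:H`. The only hint at why confidentiality is NONE is the reference URL slug, which reads as arbitrary file deletion rather than file disclosure; that is an inference from the URL, not from the record text. Triage that assumes a file-read traversal from the description alone would mis-prioritise this entry, so the description should state the impact, for example `allows Path Traversal resulting in arbitrary file deletion`, once confirmed with the CNA.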
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30911", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rometheme", + "product": { + "product_data": [ + { + "product_name": "RomethemeKit For Elementor", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.5.4", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.5.5", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/rometheme-for-elementor/vulnerability/wordpress-romethemekit-for-elementor-plugin-1-5-4-arbitrary-plugin-installation-activation-to-rce-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/wordpress/plugin/rometheme-for-elementor/vulnerability/wordpress-romethemekit-for-elementor-plugin-1-5-4-arbitrary-plugin-installation-activation-to-rce-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress RomethemeKit For Elementor plugin to the latest available version (at least 1.5.5)." + } + ], + "value": "Update the WordPress RomethemeKit For Elementor plugin to the latest available version (at least 1.5.5)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 9.9, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseSeverity": "CRITICAL", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30913.json b/2025/30xxx/CVE-2025-30913.json index 791bf84e1ce..101d37a550e 100644 --- a/2025/30xxx/CVE-2025-30913.json +++ b/2025/30xxx/CVE-2025-30913.json 
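Review bot: The `description` value says `Code Injection` and `Command Injection` in the same sentence while `problemtype` records only CWE-94; these are different weakness classes and the text does not say which one applies. It also omits the precondition that the vector encodes as `PR:L`, meaning some level of existing privilege is required, on a record scored 9.9 CRITICAL. The reference URL slug suggests arbitrary plugin installation and activation leading to code execution, though that is inferred from the URL only. A wording such as `allows an authenticated low-privileged user to install and activate arbitrary plugins, leading to code execution` would match the CWE and the vector, subject to CNA confirmation.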
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30913", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podpirate Access Areas allows Reflected XSS. This issue affects Access Areas: from n/a through 1.5.19." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "podpirate", + "product": { + "product_data": [ + { + "product_name": "Access Areas", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.5.19", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.5.20", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-access-areas/vulnerability/wordpress-access-areas-plugin-1-5-19-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/wordpress/plugin/wp-access-areas/vulnerability/wordpress-access-areas-plugin-1-5-19-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Access Areas plugin to the latest available version (at least 1.5.20)." + } + ], + "value": "Update the WordPress Access Areas plugin to the latest available version (at least 1.5.20)." + } + ], + "credits": [ + { + "lang": "en", + "value": "0xd4rk5id3 (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30917.json b/2025/30xxx/CVE-2025-30917.json index 77e0d6e379a..96b9444bc70 100644 --- a/2025/30xxx/CVE-2025-30917.json +++ b/2025/30xxx/CVE-2025-30917.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30917", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham SKU Generator for WooCommerce allows Reflected XSS. This issue affects SKU Generator for WooCommerce: from n/a through 1.6.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WP Wham", + "product": { + "product_data": [ + { + "product_name": "SKU Generator for WooCommerce", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.6.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.6.3", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/sku-for-woocommerce/vulnerability/wordpress-sku-generator-for-woocommerce-plugin-1-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/wordpress/plugin/sku-for-woocommerce/vulnerability/wordpress-sku-generator-for-woocommerce-plugin-1-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress SKU Generator for WooCommerce plugin to the latest available version (at least 1.6.3)." + } + ], + "value": "Update the WordPress SKU Generator for WooCommerce plugin to the latest available version (at least 1.6.3)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Peter Thaleikis (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/31xxx/CVE-2025-31535.json b/2025/31xxx/CVE-2025-31535.json new file mode 100644 index 00000000000..1d1feda5de3 --- /dev/null +++ b/2025/31xxx/CVE-2025-31535.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31535", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/31xxx/CVE-2025-31536.json b/2025/31xxx/CVE-2025-31536.json new file mode 100644 index 00000000000..adfa3e10532 --- /dev/null +++ b/2025/31xxx/CVE-2025-31536.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31536", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31537.json b/2025/31xxx/CVE-2025-31537.json new file mode 100644 index 00000000000..fd7e40d7091 --- /dev/null +++ b/2025/31xxx/CVE-2025-31537.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31537", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31538.json b/2025/31xxx/CVE-2025-31538.json new file mode 100644 index 00000000000..fbe5da705ae --- /dev/null +++ b/2025/31xxx/CVE-2025-31538.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31538", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31539.json b/2025/31xxx/CVE-2025-31539.json new file mode 100644 index 00000000000..2ea66d86377 --- /dev/null +++ b/2025/31xxx/CVE-2025-31539.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31539", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31540.json b/2025/31xxx/CVE-2025-31540.json new file mode 100644 index 00000000000..5bf66646136 --- /dev/null +++ b/2025/31xxx/CVE-2025-31540.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31540", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/31xxx/CVE-2025-31541.json b/2025/31xxx/CVE-2025-31541.json new file mode 100644 index 00000000000..c6a3913d98b --- /dev/null +++ b/2025/31xxx/CVE-2025-31541.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31541", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31542.json b/2025/31xxx/CVE-2025-31542.json new file mode 100644 index 00000000000..1073459d171 --- /dev/null +++ b/2025/31xxx/CVE-2025-31542.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31542", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31543.json b/2025/31xxx/CVE-2025-31543.json new file mode 100644 index 00000000000..3b2552d425e --- /dev/null +++ b/2025/31xxx/CVE-2025-31543.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31543", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31544.json b/2025/31xxx/CVE-2025-31544.json new file mode 100644 index 00000000000..b0abc2e94c1 --- /dev/null +++ b/2025/31xxx/CVE-2025-31544.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31544", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31545.json b/2025/31xxx/CVE-2025-31545.json new file mode 100644 index 00000000000..0c94b636227 --- /dev/null +++ b/2025/31xxx/CVE-2025-31545.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31545", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/31xxx/CVE-2025-31546.json b/2025/31xxx/CVE-2025-31546.json new file mode 100644 index 00000000000..c5e9a2ca40a --- /dev/null +++ b/2025/31xxx/CVE-2025-31546.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31546", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31547.json b/2025/31xxx/CVE-2025-31547.json new file mode 100644 index 00000000000..4df9f162691 --- /dev/null +++ b/2025/31xxx/CVE-2025-31547.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31547", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31548.json b/2025/31xxx/CVE-2025-31548.json new file mode 100644 index 00000000000..f6b63083e6b --- /dev/null +++ b/2025/31xxx/CVE-2025-31548.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31548", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31549.json b/2025/31xxx/CVE-2025-31549.json new file mode 100644 index 00000000000..d459df34230 --- /dev/null +++ b/2025/31xxx/CVE-2025-31549.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31549", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31550.json b/2025/31xxx/CVE-2025-31550.json new file mode 100644 index 00000000000..3d1e8ac4f78 --- /dev/null +++ b/2025/31xxx/CVE-2025-31550.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31550", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/31xxx/CVE-2025-31551.json b/2025/31xxx/CVE-2025-31551.json new file mode 100644 index 00000000000..a612e7329a0 --- /dev/null +++ b/2025/31xxx/CVE-2025-31551.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31551", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31552.json b/2025/31xxx/CVE-2025-31552.json new file mode 100644 index 00000000000..71260fc731c --- /dev/null +++ b/2025/31xxx/CVE-2025-31552.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31552", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31855.json b/2025/31xxx/CVE-2025-31855.json new file mode 100644 index 00000000000..21bf44e8dff --- /dev/null +++ b/2025/31xxx/CVE-2025-31855.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31855", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31856.json b/2025/31xxx/CVE-2025-31856.json new file mode 100644 index 00000000000..3ac34d7a5af --- /dev/null +++ b/2025/31xxx/CVE-2025-31856.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31856", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31857.json b/2025/31xxx/CVE-2025-31857.json new file mode 100644 index 00000000000..bea5355a4f5 --- /dev/null +++ b/2025/31xxx/CVE-2025-31857.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31857", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/31xxx/CVE-2025-31858.json b/2025/31xxx/CVE-2025-31858.json new file mode 100644 index 00000000000..5b12fefb575 --- /dev/null +++ b/2025/31xxx/CVE-2025-31858.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31858", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31859.json b/2025/31xxx/CVE-2025-31859.json new file mode 100644 index 00000000000..9f449cd6efd --- /dev/null +++ b/2025/31xxx/CVE-2025-31859.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31859", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31860.json b/2025/31xxx/CVE-2025-31860.json new file mode 100644 index 00000000000..880288a8ef0 --- /dev/null +++ b/2025/31xxx/CVE-2025-31860.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31860", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31861.json b/2025/31xxx/CVE-2025-31861.json new file mode 100644 index 00000000000..56cd9e0d45b --- /dev/null +++ b/2025/31xxx/CVE-2025-31861.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31861", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31862.json b/2025/31xxx/CVE-2025-31862.json new file mode 100644 index 00000000000..584800179d8 --- /dev/null +++ b/2025/31xxx/CVE-2025-31862.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31862", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/31xxx/CVE-2025-31863.json b/2025/31xxx/CVE-2025-31863.json new file mode 100644 index 00000000000..5d1bf195590 --- /dev/null +++ b/2025/31xxx/CVE-2025-31863.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31864.json b/2025/31xxx/CVE-2025-31864.json new file mode 100644 index 00000000000..95d081397c9 --- /dev/null +++ b/2025/31xxx/CVE-2025-31864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31865.json b/2025/31xxx/CVE-2025-31865.json new file mode 100644 index 00000000000..2e4447808b9 --- /dev/null +++ b/2025/31xxx/CVE-2025-31865.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31866.json b/2025/31xxx/CVE-2025-31866.json new file mode 100644 index 00000000000..7c3fc2333a4 --- /dev/null +++ b/2025/31xxx/CVE-2025-31866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31867.json b/2025/31xxx/CVE-2025-31867.json new file mode 100644 index 00000000000..37766a37447 --- /dev/null +++ b/2025/31xxx/CVE-2025-31867.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31867", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/31xxx/CVE-2025-31868.json b/2025/31xxx/CVE-2025-31868.json new file mode 100644 index 00000000000..6b284898815 --- /dev/null +++ b/2025/31xxx/CVE-2025-31868.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31868", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31869.json b/2025/31xxx/CVE-2025-31869.json new file mode 100644 index 00000000000..902480e0e14 --- /dev/null +++ b/2025/31xxx/CVE-2025-31869.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31869", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31870.json b/2025/31xxx/CVE-2025-31870.json new file mode 100644 index 00000000000..688a932b5b4 --- /dev/null +++ b/2025/31xxx/CVE-2025-31870.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31870", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31871.json b/2025/31xxx/CVE-2025-31871.json new file mode 100644 index 00000000000..a252e099943 --- /dev/null +++ b/2025/31xxx/CVE-2025-31871.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31871", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3053.json b/2025/3xxx/CVE-2025-3053.json new file mode 100644 index 00000000000..de0ec1b6bdb --- /dev/null +++ b/2025/3xxx/CVE-2025-3053.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3053", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/3xxx/CVE-2025-3054.json b/2025/3xxx/CVE-2025-3054.json new file mode 100644 index 00000000000..b9c6ebb4c75 --- /dev/null +++ b/2025/3xxx/CVE-2025-3054.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3054", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3055.json b/2025/3xxx/CVE-2025-3055.json new file mode 100644 index 00000000000..d1dd2edd9a7 --- /dev/null +++ b/2025/3xxx/CVE-2025-3055.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3055", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3056.json b/2025/3xxx/CVE-2025-3056.json new file mode 100644 index 00000000000..fa881611795 --- /dev/null +++ b/2025/3xxx/CVE-2025-3056.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3056", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3058.json b/2025/3xxx/CVE-2025-3058.json new file mode 100644 index 00000000000..906ddee08d5 --- /dev/null +++ b/2025/3xxx/CVE-2025-3058.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3058", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3063.json b/2025/3xxx/CVE-2025-3063.json index d562a02cdba..7e064025c3f 100644 --- a/2025/3xxx/CVE-2025-3063.json +++ b/2025/3xxx/CVE-2025-3063.json 
@@ -1,85 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3063", - "ASSIGNER": "security@wordfence.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-862 Missing Authorization", - "cweId": "CWE-862" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "shopperapprovedapp", - "product": { - "product_data": [ - { - "product_name": "Shopper Approved Reviews", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "2.0", - "version_value": "2.1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c042b347-2884-436d-abd3-6931548f18d6?source=cve", - "refsource": "MISC", - "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c042b347-2884-436d-abd3-6931548f18d6?source=cve" - }, - { - "url": "https://plugins.trac.wordpress.org/browser/shopperapproved-reviews/trunk/shopperapproved.php#L154", - "refsource": "MISC", - "name": "https://plugins.trac.wordpress.org/browser/shopperapproved-reviews/trunk/shopperapproved.php#L154" - } - ] - 
}, - "credits": [ - { - "lang": "en", - "value": "Kenneth Dunn" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/3xxx/CVE-2025-3064.json b/2025/3xxx/CVE-2025-3064.json new file mode 100644 index 00000000000..2b2283ed722 --- /dev/null +++ b/2025/3xxx/CVE-2025-3064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3065.json b/2025/3xxx/CVE-2025-3065.json new file mode 100644 index 00000000000..c09707ef445 --- /dev/null +++ b/2025/3xxx/CVE-2025-3065.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
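Review bot: The new side of the CVE-2025-3063 hunk replaces a published record with the reservation placeholder: `"ASSIGNER": "security@wordfence.com"` and `"STATE": "PUBLIC"` become `"ASSIGNER": "cve@mitre.org"` and `"STATE": "RESERVED"`, and the description, the CWE-862 classification, the affected versions, the references and the CVSS 8.8 vector are all dropped. The hunks for CVE-2025-3084 and CVE-2025-3085 do the same to two MongoDB Server records, removing the fixed-version boundaries (5.0.31, 6.0.20, 7.0.16, 8.0.4) that downstream scanners match against. This looks like a synchronization regression rather than an intended withdrawal, because a withdrawn ID would normally move to a rejected state and not back to reserved; that is inferred from the diff alone. I would leave the prior `"STATE": "PUBLIC"` content of these three files untouched in this sync, and consumers mirroring the feed should alert on any PUBLIC-to-RESERVED transition instead of overwriting the record they already hold.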
diff --git a/2025/3xxx/CVE-2025-3075.json b/2025/3xxx/CVE-2025-3075.json new file mode 100644 index 00000000000..d270a7245fc --- /dev/null +++ b/2025/3xxx/CVE-2025-3075.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3075", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3076.json b/2025/3xxx/CVE-2025-3076.json new file mode 100644 index 00000000000..0fb044cd5dd --- /dev/null +++ b/2025/3xxx/CVE-2025-3076.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3076", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3077.json b/2025/3xxx/CVE-2025-3077.json new file mode 100644 index 00000000000..2e297d38ee9 --- /dev/null +++ b/2025/3xxx/CVE-2025-3077.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3077", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3084.json b/2025/3xxx/CVE-2025-3084.json index 88bf75ebba0..d2a4100dfd1 100644 --- a/2025/3xxx/CVE-2025-3084.json +++ b/2025/3xxx/CVE-2025-3084.json 
@@ -1,103 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3084", - "ASSIGNER": "cna@mongodb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-703: Improper Check or Handling of Exceptional Conditions", - "cweId": "CWE-703" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MongoDB Inc", - "product": { - "product_data": [ - { - "product_name": "MongoDB Server", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "5.0", - "version_value": "5.0.31" - }, - { - "version_affected": "<", - "version_name": "6.0", - "version_value": "6.0.20" - }, - { - "version_affected": "<", - "version_name": "7.0", - "version_value": "7.0.16" - }, - { - "version_affected": "<", - "version_name": "8.0", - "version_value": "8.0.4" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://jira.mongodb.org/browse/SERVER-103153", - "refsource": "MISC", - "name": "https://jira.mongodb.org/browse/SERVER-103153" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "INTERNAL" - }, - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - 
"privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/3xxx/CVE-2025-3085.json b/2025/3xxx/CVE-2025-3085.json index c246df4ba3b..22d9f9d7269 100644 --- a/2025/3xxx/CVE-2025-3085.json +++ b/2025/3xxx/CVE-2025-3085.json 
@@ -1,116 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3085", - "ASSIGNER": "cna@mongodb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to improper authentication. This issue may also affect intra-cluster authentication. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.16 and MongoDB Server v8.0 versions prior to 8.0.4.\nRequired Configuration :\u00a0MongoDB Server must be running on Linux Operating Systems and CRL revocation status checking must be enabled" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-299: Improper Check for Certificate Revocation", - "cweId": "CWE-299" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MongoDB Inc", - "product": { - "product_data": [ - { - "product_name": "MongoDB Server", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "5.0", - "version_value": "5.0.31" - }, - { - "version_affected": "<", - "version_name": "6.0", - "version_value": "6.0.20" - }, - { - "version_affected": "<", - "version_name": "7.0", - "version_value": "7.0.16" - }, - { - "version_affected": "<", - "version_name": "8.0.", - "version_value": "8.0.4" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://jira.mongodb.org/browse/SERVER-95445", - "refsource": "MISC", - "name": 
"https://jira.mongodb.org/browse/SERVER-95445" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.2.0" - }, - "source": { - "discovery": "INTERNAL" - }, - "configuration": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "MongoDB Server must be running on Linux Operating Systems and CRL revocation status checking must be enabled" - } - ], - "value": "MongoDB Server must be running on Linux Operating Systems and CRL revocation status checking must be enabled" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2025/3xxx/CVE-2025-3097.json b/2025/3xxx/CVE-2025-3097.json new file mode 100644 index 00000000000..7b8ed8e1067 --- /dev/null +++ b/2025/3xxx/CVE-2025-3097.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3097", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/3xxx/CVE-2025-3098.json b/2025/3xxx/CVE-2025-3098.json new file mode 100644 index 00000000000..9831dfec4ef --- /dev/null +++ b/2025/3xxx/CVE-2025-3098.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3098", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3099.json b/2025/3xxx/CVE-2025-3099.json new file mode 100644 index 00000000000..4b232172346 --- /dev/null +++ b/2025/3xxx/CVE-2025-3099.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3099", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3100.json b/2025/3xxx/CVE-2025-3100.json new file mode 100644 index 00000000000..c72bf62ada5 --- /dev/null +++ b/2025/3xxx/CVE-2025-3100.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3100", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3101.json b/2025/3xxx/CVE-2025-3101.json new file mode 100644 index 00000000000..ac66077edf4 --- /dev/null +++ b/2025/3xxx/CVE-2025-3101.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3101", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file