admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-17 04:00:31 +00:00
parent fcb1e4b082
commit 342169371e
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 502 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
2024/8xxx/CVE-2024-8584.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in. (\u00a0The vendor is currently addressing the vulnerability. Once the fix is completed, we will provide information on the affected versions.)"
"value": "Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
@ -40,8 +40,9 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
"version_affected": "<",
"version_name": "0",
"version_value": "11.0"
}
]
}
@ -73,6 +74,19 @@
"advisory": "TVN-202409001",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "&nbsp; Update to version 11.0 or later"
}
],
"value": "Update to version 11.0 or later"
}
],
"impact": {
"cvss": [
{

129
2025/1xxx/CVE-2025-1372.json
View File

@ -1,17 +1,138 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1372",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue."
},
{
"lang": "deu",
"value": "In GNU elfutils 0.192 wurde eine kritische Schwachstelle ausgemacht. Das betrifft die Funktion dump_data_section/print_string_section der Datei readelf.c der Komponente eu-readelf. Durch Manipulation des Arguments z/x mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 73db9d2021cab9e23fd734b0a76a612d52a6f1db bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow",
"cweId": "CWE-120"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GNU",
"product": {
"product_data": [
{
"product_name": "elfutils",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.192"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.295981",
"refsource": "MISC",
"name": "https://vuldb.com/?id.295981"
},
{
"url": "https://vuldb.com/?ctiid.295981",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.295981"
},
{
"url": "https://vuldb.com/?submit.496485",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.496485"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32656",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=32656"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32657",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=32657"
},
{
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=15927",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/attachment.cgi?id=15927"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32656#c3",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=32656#c3"
},
{
"url": "https://www.gnu.org/",
"refsource": "MISC",
"name": "https://www.gnu.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "rookie (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

128
2025/1xxx/CVE-2025-1373.json
View File

@ -1,17 +1,137 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1373",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in FFmpeg bis 7.1 ausgemacht. Dies betrifft die Funktion mov_read_trak der Datei libavformat/mov.c der Komponente MOV Parser. Mittels dem Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 43be8d07281caca2e88bfd8ee2333633e1fb1a13 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FFmpeg",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0"
},
{
"version_affected": "=",
"version_value": "7.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.295982",
"refsource": "MISC",
"name": "https://vuldb.com/?id.295982"
},
{
"url": "https://vuldb.com/?ctiid.295982",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.295982"
},
{
"url": "https://vuldb.com/?submit.496930",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.496930"
},
{
"url": "https://trac.ffmpeg.org/ticket/11460",
"refsource": "MISC",
"name": "https://trac.ffmpeg.org/ticket/11460"
},
{
"url": "https://trac.ffmpeg.org/attachment/ticket/11460/poc",
"refsource": "MISC",
"name": "https://trac.ffmpeg.org/attachment/ticket/11460/poc"
},
{
"url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13",
"refsource": "MISC",
"name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13"
},
{
"url": "https://ffmpeg.org/",
"refsource": "MISC",
"name": "https://ffmpeg.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "0x20z (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P"
}
]
}

108
2025/1xxx/CVE-2025-1387.json Normal file
View File

@ -0,0 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-1387",
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1390 Weak Authentication",
"cweId": "CWE-1390"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Learning Digital",
"product": {
"product_data": [
{
"product_name": "Orca HCM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "11.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8427-daea8-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8427-daea8-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8428-59a9a-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8428-59a9a-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-2020502004",
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For standard user, please update to version 11.0 or later.<br>For customized user, please contact the vendor for updates<br><br>"
}
],
"value": "For standard user, please update to version 11.0 or later.\nFor customized user, please contact the vendor for updates"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

108
2025/1xxx/CVE-2025-1388.json Normal file
View File

@ -0,0 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-1388",
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Learning Digital",
"product": {
"product_data": [
{
"product_name": "Orca HCM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "11.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8429-07d7e-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8429-07d7e-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8430-32513-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8430-32513-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202502005",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For standard user, please update to version 11.0 or later.<br>For customized user, please contact the vendor for updates.<br><br>"
}
],
"value": "For standard user, please update to version 11.0 or later.\nFor customized user, please contact the vendor for updates."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

18
2025/1xxx/CVE-2025-1389.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1389",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}