diff --git a/2020/18xxx/CVE-2020-18243.json b/2020/18xxx/CVE-2020-18243.json
index 00987a27bee..2c7a230e241 100644
--- a/2020/18xxx/CVE-2020-18243.json
+++ b/2020/18xxx/CVE-2020-18243.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18243",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18243",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerability found in Enricozab CMS v.1.0 allows a remote attacker to execute arbitrary code via /hdo/hdo-view-case.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/enricozab/CMS/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/enricozab/CMS/issues/1"
 }
 ]
 }
diff --git a/2024/11xxx/CVE-2024-11040.json b/2024/11xxx/CVE-2024-11040.json
index c637aaa7b17..ff1bdca9ac9 100644
--- a/2024/11xxx/CVE-2024-11040.json
+++ b/2024/11xxx/CVE-2024-11040.json
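Review bot: The added `affects` block sets `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"` although the new description names the product and version (Enricozab CMS v.1.0), so scanners and inventory matchers that key on the structured fields will not associate this record with the product. The `problemtype` entry is likewise `"value": "n/a"` while the description states the weakness outright; `"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"` with `"cweId": "CWE-89"` would follow the form the CNA-authored records in this commit use. The same placeholder pattern appears in the CVE-2024-36842 hunk, where the description names the device model and build but `affects` and `problemtype` are all `n/a`.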
@@ -5,82 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2024-11040",
 "ASSIGNER": "security@huntr.com",
- "STATE": "PUBLIC"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "vllm-project vllm version 0.5.2.2 is vulnerable to Denial of Service attacks. The issue occurs in the 'POST /v1/completions' and 'POST /v1/embeddings' endpoints. For 'POST /v1/completions', enabling 'use_beam_search' and setting 'best_of' to a high value causes the HTTP connection to time out, with vllm ceasing effective work and the request remaining in a 'pending' state, blocking new completion requests. For 'POST /v1/embeddings', supplying invalid inputs to the JSON object causes an issue in the background loop, resulting in all further completion requests returning a 500 HTTP error code ('Internal Server Error') until vllm is restarted."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-400 Uncontrolled Resource Consumption",
- "cweId": "CWE-400"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "vllm-project",
- "product": {
- "product_data": [
- {
- "product_name": "vllm-project/vllm",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "unspecified",
- "version_value": "latest"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://huntr.com/bounties/8ce20bbe-3c96-4cd1-97e5-25a5630925be",
- "refsource": "MISC",
- "name": "https://huntr.com/bounties/8ce20bbe-3c96-4cd1-97e5-25a5630925be"
- }
- ]
- },
- "source": {
- "advisory": "8ce20bbe-3c96-4cd1-97e5-25a5630925be",
- "discovery": "EXTERNAL"
- },
- "impact": {
- "cvss": [
- {
- "version": "3.0",
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "baseScore": 7.5,
- "baseSeverity": "HIGH"
+ "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2024/11xxx/CVE-2024-11084.json b/2024/11xxx/CVE-2024-11084.json
index 087b9f70d3f..49e7f071cc7 100644
--- a/2024/11xxx/CVE-2024-11084.json
+++ b/2024/11xxx/CVE-2024-11084.json
@@ -1,18 +1,71 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-11084",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@perforce.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-203 Observable Discrepancy",
+ "cweId": "CWE-203"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Perforce",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Helix ALM",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2025.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.perforce.com/s/detail/a91PA000001SeWbYAK",
+ "refsource": "MISC",
+ "name": "https://portal.perforce.com/s/detail/a91PA000001SeWbYAK"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12759.json b/2024/12xxx/CVE-2024-12759.json
index 41e1a523df7..be9484dfb32 100644
--- a/2024/12xxx/CVE-2024-12759.json
+++ b/2024/12xxx/CVE-2024-12759.json
@@ -5,82 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2024-12759",
 "ASSIGNER": "security@huntr.com",
- "STATE": "PUBLIC"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "In bentoml/bentoml version 1.3.9, the `/login` endpoint of the newly integrated Gradio app is vulnerable to a Denial of Service (DoS) attack. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-400 Uncontrolled Resource Consumption",
- "cweId": "CWE-400"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "bentoml",
- "product": {
- "product_data": [
- {
- "product_name": "bentoml/bentoml",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "unspecified",
- "version_value": "latest"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://huntr.com/bounties/e467ec92-0ad1-4461-8468-1beabf701b9f",
- "refsource": "MISC",
- "name": "https://huntr.com/bounties/e467ec92-0ad1-4461-8468-1beabf701b9f"
- }
- ]
- },
- "source": {
- "advisory": "e467ec92-0ad1-4461-8468-1beabf701b9f",
- "discovery": "EXTERNAL"
- },
- "impact": {
- "cvss": [
- {
- "version": "3.0",
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "baseScore": 7.5,
- "baseSeverity": "HIGH"
+ "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8966. Notes: All CVE users should reference CVE-2024-8966 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12760.json b/2024/12xxx/CVE-2024-12760.json
index 7de49a62cae..889d31f3cdd 100644
--- a/2024/12xxx/CVE-2024-12760.json
+++ b/2024/12xxx/CVE-2024-12760.json
@@ -5,82 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2024-12760",
 "ASSIGNER": "security@huntr.com",
- "STATE": "PUBLIC"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "An open redirect vulnerability in bentoml/bentoml v1.3.9 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-601 URL Redirection to Untrusted Site",
- "cweId": "CWE-601"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "bentoml",
- "product": {
- "product_data": [
- {
- "product_name": "bentoml/bentoml",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "unspecified",
- "version_value": "latest"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://huntr.com/bounties/2a284ff6-cc6c-4a10-b72e-1bb31c842bca",
- "refsource": "MISC",
- "name": "https://huntr.com/bounties/2a284ff6-cc6c-4a10-b72e-1bb31c842bca"
- }
- ]
- },
- "source": {
- "advisory": "2a284ff6-cc6c-4a10-b72e-1bb31c842bca",
- "discovery": "EXTERNAL"
- },
- "impact": {
- "cvss": [
- {
- "version": "3.0",
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "baseScore": 6.1,
- "baseSeverity": "MEDIUM"
+ "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-4940. Notes: All CVE users should reference CVE-2024-4940 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12868.json b/2024/12xxx/CVE-2024-12868.json
index d5cd6852732..785fac589f0 100644
--- a/2024/12xxx/CVE-2024-12868.json
+++ b/2024/12xxx/CVE-2024-12868.json
@@ -5,82 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2024-12868",
 "ASSIGNER": "security@huntr.com",
- "STATE": "PUBLIC"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "In version 0.3.32 of open-webui, the application uses a vulnerable version of the starlette package through its dependency on fastapi. The starlette package versions <=0.49 are susceptible to uncontrolled resource consumption, which can be exploited to cause a denial of service through memory exhaustion. This issue is addressed in fastapi version 0.115.3."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-400 Uncontrolled Resource Consumption",
- "cweId": "CWE-400"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "open-webui",
- "product": {
- "product_data": [
- {
- "product_name": "open-webui/open-webui",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "unspecified",
- "version_value": "latest"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://huntr.com/bounties/56175583-70e3-4d53-94de-3f3a8e2423ec",
- "refsource": "MISC",
- "name": "https://huntr.com/bounties/56175583-70e3-4d53-94de-3f3a8e2423ec"
- }
- ]
- },
- "source": {
- "advisory": "56175583-70e3-4d53-94de-3f3a8e2423ec",
- "discovery": "EXTERNAL"
- },
- "impact": {
- "cvss": [
- {
- "version": "3.0",
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "baseScore": 7.5,
- "baseSeverity": "HIGH"
+ "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-47874. Notes: All CVE users should reference CVE-2024-47874 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2024/13xxx/CVE-2024-13177.json b/2024/13xxx/CVE-2024-13177.json
index 5ee533ddec7..5cfb4924f94 100644
--- a/2024/13xxx/CVE-2024-13177.json
+++ b/2024/13xxx/CVE-2024-13177.json
@@ -1,18 +1,91 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-13177",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@netskope.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file \u201cnsinstallation\u201d. A standard user could potentially create a symlink of the file \u201cnsinstallation\u201d to escalate the privileges of a different file on the system. \nThis issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
+ "cweId": "CWE-610"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Netskope",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Netskope Client",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "123.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.netskope.com/s/article/Netskope-Security-Advisory-Netskope-Client-installer-with-symbolic-link-following-vulnerability-leading-to-privilege-escalation",
+ "refsource": "MISC",
+ "name": "https://support.netskope.com/s/article/Netskope-Security-Advisory-Netskope-Client-installer-with-symbolic-link-following-vulnerability-leading-to-privilege-escalation"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "NSKPSA-2024-004",
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Upgrade the Netskope Client to one of the following versions:
"
+ }
+ ],
+ "value": "Upgrade the Netskope Client to one of the following versions:\n * R123 or above\n * 120.1.10.2306\n * 117.1.11.2310"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Max Keasley"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/20xxx/CVE-2024-20758.json b/2024/20xxx/CVE-2024-20758.json
index 211f803766a..365c265bde4 100644
--- a/2024/20xxx/CVE-2024-20758.json
+++ b/2024/20xxx/CVE-2024-20758.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high."
+ "value": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high."
 }
 ]
 },
@@ -96,7 +96,7 @@
 "modifiedConfidentialityImpact": "HIGH",
 "modifiedIntegrityImpact": "HIGH",
 "modifiedPrivilegesRequired": "NONE",
- "modifiedScope": "NOT_DEFINED",
+ "modifiedScope": "CHANGED",
 "modifiedUserInteraction": "NONE",
 "privilegesRequired": "NONE",
 "remediationLevel": "NOT_DEFINED",
diff --git a/2024/36xxx/CVE-2024-36842.json b/2024/36xxx/CVE-2024-36842.json
index d51ce5efb6a..3a8a6040226 100644
--- a/2024/36xxx/CVE-2024-36842.json
+++ b/2024/36xxx/CVE-2024-36842.json
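Review bot: `version_data` for Netskope Client holds a single range, `"version_affected": "<"` with `"version_value": "123.0"`, but the description and the `solution` text name three fixed releases (123.0, 120.1.10.2306 and 117.1.11.2310), so a consumer that evaluates only the structured range will report the patched 117.1 and 120.1 builds as still vulnerable. Adding one `version_data` entry per maintained branch, each with its own fixed version, would make the structured data agree with the prose. Separately, `solution` and `credits` use `"lang": "en"` while `description` and `problemtype` use `"lang": "eng"`. The `supportingMedia` value also stops after "versions:" without the list that the plain-text `value` carries; that may be an artefact of how this page was rendered, so check it against the committed file.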
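Review bot: In the CVE-2024-20758 record, `modifiedScope` moves from `"NOT_DEFINED"` to `"CHANGED"`, but the base `scope`, `vectorString` and `baseScore` fields of the same CVSS object lie outside the hunk at line 96 and no other hunk in this file touches them. It therefore cannot be confirmed from here that the base metrics agree with the new environmental value. If the issue was re-scored as scope-changed, the base vector should carry `S:C` and the score should be recomputed; otherwise consumers that read only the base vector keep the old severity. The reworded description in the first hunk ("arbitrary code execution on the underlying filesystem") also reads oddly, since code runs in a process context rather than on a filesystem, so confirm it is the vendor's intended wording.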
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-36842",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-36842",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/abbiy/Backdooring-Oncord-Android-Sterio-/blob/main/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/abbiy/Backdooring-Oncord-Android-Sterio-/blob/main/README.md"
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7773.json b/2024/7xxx/CVE-2024-7773.json
index 36227b1554d..88cf82962a3 100644
--- a/2024/7xxx/CVE-2024-7773.json
+++ b/2024/7xxx/CVE-2024-7773.json
@@ -5,87 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2024-7773",
 "ASSIGNER": "security@huntr.com",
- "STATE": "PUBLIC"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in ollama/ollama version 0.1.37 allows for remote code execution (RCE) due to improper input validation in the handling of zip files. The vulnerability, known as ZipSlip, occurs in the parseFromZipFile function in server/model.go. The code does not check for directory traversal sequences (../) in file names within the zip archive, allowing an attacker to write arbitrary files to the file system. This can be exploited to create files such as /etc/ld.so.preload and a malicious shared library, leading to RCE."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-20 Improper Input Validation",
- "cweId": "CWE-20"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "ollama",
- "product": {
- "product_data": [
- {
- "product_name": "ollama/ollama",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "unspecified",
- "version_value": "0.4.0"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://huntr.com/bounties/aeb82e05-484f-4431-9ede-25a3478d8dbb",
- "refsource": "MISC",
- "name": "https://huntr.com/bounties/aeb82e05-484f-4431-9ede-25a3478d8dbb"
- },
- {
- "url": "https://github.com/ollama/ollama/commit/123a722a6f541e300bc8e34297ac378ebe23f527",
- "refsource": "MISC",
- "name": "https://github.com/ollama/ollama/commit/123a722a6f541e300bc8e34297ac378ebe23f527"
- }
- ]
- },
- "source": {
- "advisory": "aeb82e05-484f-4431-9ede-25a3478d8dbb",
- "discovery": "EXTERNAL"
- },
- "impact": {
- "cvss": [
- {
- "version": "3.0",
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "confidentialityImpact": "NONE",
- "integrityImpact": "HIGH",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
- "baseScore": 9.1,
- "baseSeverity": "CRITICAL"
+ "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7999.json b/2024/7xxx/CVE-2024-7999.json
index 08779a265d2..1beed38930d 100644
--- a/2024/7xxx/CVE-2024-7999.json
+++ b/2024/7xxx/CVE-2024-7999.json
@@ -5,82 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2024-7999",
 "ASSIGNER": "security@huntr.com",
- "STATE": "PUBLIC"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in open-webui/open-webui version 79778fa allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By appending a large number of characters to the end of the multipart boundary, the server continuously processes each character, rendering the application inaccessible. This issue can prevent all users from accessing the application until the server recovers."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-400 Uncontrolled Resource Consumption",
- "cweId": "CWE-400"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "open-webui",
- "product": {
- "product_data": [
- {
- "product_name": "open-webui/open-webui",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "unspecified",
- "version_value": "latest"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://huntr.com/bounties/15eb4fbe-70d4-420e-806a-ec6f4ecb7202",
- "refsource": "MISC",
- "name": "https://huntr.com/bounties/15eb4fbe-70d4-420e-806a-ec6f4ecb7202"
- }
- ]
- },
- "source": {
- "advisory": "15eb4fbe-70d4-420e-806a-ec6f4ecb7202",
- "discovery": "EXTERNAL"
- },
- "impact": {
- "cvss": [
- {
- "version": "3.0",
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "baseScore": 7.5,
- "baseSeverity": "HIGH"
+ "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-53981. Notes: All CVE users should reference CVE-2024-53981 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9016.json b/2024/9xxx/CVE-2024-9016.json
index 98ec2b3cecb..f1855bc028b 100644
--- a/2024/9xxx/CVE-2024-9016.json
+++ b/2024/9xxx/CVE-2024-9016.json
@@ -5,82 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2024-9016",
 "ASSIGNER": "security@huntr.com",
- "STATE": "PUBLIC"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "man-group dtale version <= 3.13.1 contains a vulnerability where the query parameters from the request are directly passed into the run_query function without proper sanitization. This allows for unauthenticated remote command execution via the df.query method when the query engine is set to 'python'."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-94 Improper Control of Generation of Code",
- "cweId": "CWE-94"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "man-group",
- "product": {
- "product_data": [
- {
- "product_name": "man-group/dtale",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "unspecified",
- "version_value": "latest"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://huntr.com/bounties/8b84de4f-e4c6-44f7-b985-d548b07ccf89",
- "refsource": "MISC",
- "name": "https://huntr.com/bounties/8b84de4f-e4c6-44f7-b985-d548b07ccf89"
- }
- ]
- },
- "source": {
- "advisory": "8b84de4f-e4c6-44f7-b985-d548b07ccf89",
- "discovery": "EXTERNAL"
- },
- "impact": {
- "cvss": [
- {
- "version": "3.0",
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "baseScore": 8.8,
- "baseSeverity": "HIGH"
+ "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45595. Notes: All CVE users should reference CVE-2024-45595 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9840.json b/2024/9xxx/CVE-2024-9840.json
index 886fa124b7b..f15275eaa34 100644
--- a/2024/9xxx/CVE-2024-9840.json
+++ b/2024/9xxx/CVE-2024-9840.json
@@ -5,82 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2024-9840",
 "ASSIGNER": "security@huntr.com",
- "STATE": "PUBLIC"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A Denial of Service (DoS) vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including `/ollama/models/upload`, `/audio/api/v1/transcriptions`, and `/rag/api/v1/doc`. The application processes multipart boundaries without authentication, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability can be exploited remotely, resulting in high CPU and memory usage, and rendering the service inaccessible to legitimate users."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-400 Uncontrolled Resource Consumption",
- "cweId": "CWE-400"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "open-webui",
- "product": {
- "product_data": [
- {
- "product_name": "open-webui/open-webui",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "unspecified",
- "version_value": "latest"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://huntr.com/bounties/9178f09e-4d4f-4a5b-bc32-cada7445b03c",
- "refsource": "MISC",
- "name": "https://huntr.com/bounties/9178f09e-4d4f-4a5b-bc32-cada7445b03c"
- }
- ]
- },
- "source": {
- "advisory": "9178f09e-4d4f-4a5b-bc32-cada7445b03c",
- "discovery": "EXTERNAL"
- },
- "impact": {
- "cvss": [
- {
- "version": "3.0",
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "baseScore": 7.5,
- "baseSeverity": "HIGH"
+ "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-53981. Notes: All CVE users should reference CVE-2024-53981 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9901.json b/2024/9xxx/CVE-2024-9901.json
index 8970e43b867..3834382fe04 100644
--- a/2024/9xxx/CVE-2024-9901.json
+++ b/2024/9xxx/CVE-2024-9901.json
@@ -5,87 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2024-9901",
 "ASSIGNER": "security@huntr.com",
- "STATE": "PUBLIC"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "LocalAI version v2.19.4 (af0545834fd565ab56af0b9348550ca9c3cb5349) contains a vulnerability where the delete model API improperly neutralizes input during web page generation, leading to a one-time storage cross-site scripting (XSS) vulnerability. This vulnerability allows an attacker to store a malicious payload that executes when a user accesses the homepage. Additionally, the presence of cross-site request forgery (CSRF) can enable automated malicious requests."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
- "cweId": "CWE-79"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "mudler",
- "product": {
- "product_data": [
- {
- "product_name": "mudler/localai",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "unspecified",
- "version_value": "2.22.0"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://huntr.com/bounties/31332c23-ea89-4176-ba57-388cf6008945",
- "refsource": "MISC",
- "name": "https://huntr.com/bounties/31332c23-ea89-4176-ba57-388cf6008945"
- },
- {
- "url": "https://github.com/mudler/localai/commit/a1634b219a4e52813e70ff07e6376a01449c4515",
- "refsource": "MISC",
- "name": "https://github.com/mudler/localai/commit/a1634b219a4e52813e70ff07e6376a01449c4515"
- }
- ]
- },
- "source": {
- "advisory": "31332c23-ea89-4176-ba57-388cf6008945",
- "discovery": "EXTERNAL"
- },
- "impact": {
- "cvss": [
- {
- "version": "3.0",
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "confidentialityImpact": "NONE",
- "integrityImpact": "LOW",
- "privilegesRequired": "HIGH",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
- "baseScore": 3.4,
- "baseSeverity": "LOW"
+ "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-48057. Notes: All CVE users should reference CVE-2024-48057 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2025/0xxx/CVE-2025-0313.json b/2025/0xxx/CVE-2025-0313.json
index 302ca88ed9e..12f834179ab 100644
--- a/2025/0xxx/CVE-2025-0313.json
+++ b/2025/0xxx/CVE-2025-0313.json
@@ -5,82 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2025-0313", "ASSIGNER": "security@huntr.com", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a GGUF model that can cause a denial of service (DoS) attack. The vulnerability is due to improper validation of array index bounds in the GGUF model handling code, which can be exploited via a remote network." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-129 Improper Validation of Array Index", - "cweId": "CWE-129" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "ollama", - "product": { - "product_data": [ - { - "product_name": "ollama/ollama", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "unspecified", - "version_value": "latest" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://huntr.com/bounties/450c90f9-bc02-4560-afd4-d0aa057ac82c", - "refsource": "MISC", - "name": "https://huntr.com/bounties/450c90f9-bc02-4560-afd4-d0aa057ac82c" - } - ] - }, - "source": { - "advisory": "450c90f9-bc02-4560-afd4-d0aa057ac82c", - "discovery": "EXTERNAL" - }, - "impact": { - "cvss": [ - { - "version": "3.0", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-12055. Notes: All CVE users should reference CVE-2024-12055 instead of this CVE Record. 
All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2025/0xxx/CVE-2025-0655.json b/2025/0xxx/CVE-2025-0655.json index c3a3e37942a..1d4536468ab 100644 --- a/2025/0xxx/CVE-2025-0655.json +++ b/2025/0xxx/CVE-2025-0655.json 
@@ -5,87 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2025-0655", "ASSIGNER": "security@huntr.com", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the `enable_custom_filters` feature, which is typically restricted to trusted environments. Once enabled, the attacker can exploit the /test-filter endpoint to execute arbitrary system commands, leading to remote code execution (RCE). This issue is addressed in version 3.16.1." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", - "cweId": "CWE-77" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "man-group", - "product": { - "product_data": [ - { - "product_name": "man-group/dtale", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "unspecified", - "version_value": "3.16.1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://huntr.com/bounties/f63af7bd-5438-4b36-a39b-4c90466cff13", - "refsource": "MISC", - "name": "https://huntr.com/bounties/f63af7bd-5438-4b36-a39b-4c90466cff13" - }, - { - "url": "https://github.com/man-group/dtale/commit/1e26ed3ca12fe83812b90f12a2b3e5fb0b740f7a", - "refsource": "MISC", - "name": "https://github.com/man-group/dtale/commit/1e26ed3ca12fe83812b90f12a2b3e5fb0b740f7a" - } - ] - }, - "source": { - "advisory": "f63af7bd-5438-4b36-a39b-4c90466cff13", - "discovery": "EXTERNAL" - }, - "impact": { - "cvss": [ - { - "version": "3.0", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - 
"userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-55890. Notes: All CVE users should reference CVE-2024-55890 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2025/24xxx/CVE-2025-24429.json b/2025/24xxx/CVE-2025-24429.json index 6547110577d..f7f6ac668f8 100644 --- a/2025/24xxx/CVE-2025-24429.json +++ b/2025/24xxx/CVE-2025-24429.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction." + "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction." } ] }, diff --git a/2025/24xxx/CVE-2025-24948.json b/2025/24xxx/CVE-2025-24948.json index 5165d567843..bbee90294c1 100644 --- a/2025/24xxx/CVE-2025-24948.json +++ b/2025/24xxx/CVE-2025-24948.json 
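Review bot: The new description text for CVE-2025-24429 now says exploitation requires user interaction, the opposite of the removed wording, but this hunk changes only the `value` string, so any CVSS data the record carries outside the hunk is not shown being updated to match. If the record has an `impact` block, its `userInteraction` field and vector string should be checked against the new statement. The added phrase `allowing read only access` also sits awkwardly next to the retained `gain unauthorized access`; wording such as `bypass security measures and gain unauthorized read-only access` would stop the two sentences reading as different impacts.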
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-24948", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-24948", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.gruppotim.it/it/footer/red-team.html", + "refsource": "MISC", + "name": "https://www.gruppotim.it/it/footer/red-team.html" } ] } diff --git a/2025/24xxx/CVE-2025-24949.json b/2025/24xxx/CVE-2025-24949.json index 6d8e36c59a5..7a71ae893ca 100644 --- a/2025/24xxx/CVE-2025-24949.json +++ b/2025/24xxx/CVE-2025-24949.json 
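Review bot: The added `affects` block carries `n/a` for `vendor_name`, `product_name` and `version_value` even though the new description names JotUrl 2.0, so anything that matches records on the structured product fields will not associate this entry with the product. The same placeholder block is added in the CVE-2025-24949, CVE-2025-28142, CVE-2025-28143, CVE-2025-28144 and CVE-2025-28198 hunks. Where the description already gives the product and version, I would carry them into the structured fields, here `"product_name": "JotUrl"` and `"version_value": "2.0"`. The `problemtype` value is also `n/a`; the described behaviour (passwords sent in GET requests) looks like CWE-598, which is worth confirming and recording.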
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-24949", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-24949", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JotUrl 2.0, is possible to bypass security requirements during the password change process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.gruppotim.it/it/footer/red-team.html", + "refsource": "MISC", + "name": "https://www.gruppotim.it/it/footer/red-team.html" } ] } diff --git a/2025/28xxx/CVE-2025-28142.json b/2025/28xxx/CVE-2025-28142.json index 73cebe70c66..4de58aad3eb 100644 --- a/2025/28xxx/CVE-2025-28142.json +++ b/2025/28xxx/CVE-2025-28142.json 
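Review bot: The new description, `In JotUrl 2.0, is possible to bypass security requirements during the password change process.`, is missing its subject and does not say which requirement is bypassed, so a reader cannot judge impact from it. At minimum it should read `In JotUrl 2.0, it is possible to bypass ...`. The only reference is the same URL as in the CVE-2025-24948 hunk, so the record offers no other place to find the detail; naming the bypassed check in the description would help triage.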
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-28142", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-28142", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/regainer27/edimax-br-6478ac_v3-br-6478ac_v3_1.0.15/tree/main/4", + "refsource": "MISC", + "name": "https://github.com/regainer27/edimax-br-6478ac_v3-br-6478ac_v3_1.0.15/tree/main/4" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/regainer27/fb033d40b9d0245c36e520eeb34b7e76", + "url": "https://gist.github.com/regainer27/fb033d40b9d0245c36e520eeb34b7e76" } ] } diff --git a/2025/28xxx/CVE-2025-28143.json b/2025/28xxx/CVE-2025-28143.json index dad4d73a81f..9d4a9b76f4b 100644 --- a/2025/28xxx/CVE-2025-28143.json +++ b/2025/28xxx/CVE-2025-28143.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-28143", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-28143", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/regainer27/edimax-br-6478ac_v3-br-6478ac_v3_1.0.15/tree/main/5", + "refsource": "MISC", + "name": "https://github.com/regainer27/edimax-br-6478ac_v3-br-6478ac_v3_1.0.15/tree/main/5" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/regainer27/885505cda80f81069ba39b11f2f996fc", + "url": "https://gist.github.com/regainer27/885505cda80f81069ba39b11f2f996fc" } ] } diff --git a/2025/28xxx/CVE-2025-28144.json b/2025/28xxx/CVE-2025-28144.json index 92b306116a0..6f6adc3f868 100644 --- a/2025/28xxx/CVE-2025-28144.json +++ b/2025/28xxx/CVE-2025-28144.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-28144", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-28144", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack overflow vlunerability via peerPin parameter in the formWsc function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/regainer27/edimax-br-6478ac_v3-br-6478ac_v3_1.0.15/tree/main/edimax_br-6847_v3-%20peerpin_stack_overflow", + "refsource": "MISC", + "name": "https://github.com/regainer27/edimax-br-6478ac_v3-br-6478ac_v3_1.0.15/tree/main/edimax_br-6847_v3-%20peerpin_stack_overflow" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/regainer27/31a4df78e523635085908ddd4b68d91f", + "url": "https://gist.github.com/regainer27/31a4df78e523635085908ddd4b68d91f" } ] } diff --git a/2025/28xxx/CVE-2025-28198.json b/2025/28xxx/CVE-2025-28198.json index 89b3d097f83..a0174e5bf28 100644 --- a/2025/28xxx/CVE-2025-28198.json +++ b/2025/28xxx/CVE-2025-28198.json 
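Review bot: The added description misspells `vulnerability` as `vlunerability`, which breaks keyword searches over description text. It also writes the firmware version as `V3 1.0.15`, while the CVE-2025-28142 and CVE-2025-28143 hunks use `V3_1.0.15` for what appears to be the same build; one spelling should be used across the three records. The first reference URL contains `br-6847` where the product is BR-6478AC; that presumably mirrors the upstream repository path and should stay as published, but it is worth confirming the link resolves.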
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-28198", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-28198", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Hitout/carsale/issues/24", + "refsource": "MISC", + "name": "https://github.com/Hitout/carsale/issues/24" } ] } diff --git a/2025/2xxx/CVE-2025-2830.json b/2025/2xxx/CVE-2025-2830.json index d51348d76ce..22b16379bd4 100644 --- a/2025/2xxx/CVE-2025-2830.json +++ b/2025/2xxx/CVE-2025-2830.json 
@@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2830", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2." 
} ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure of /tmp directory listing" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "137.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956379", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956379" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-26/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-26/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-27/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-27/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Dario Wei\u00dfer" + } + ] } \ No newline at end of file diff --git a/2025/32xxx/CVE-2025-32911.json b/2025/32xxx/CVE-2025-32911.json index 084f04c7f9e..9238669d5b2 100644 --- a/2025/32xxx/CVE-2025-32911.json +++ b/2025/32xxx/CVE-2025-32911.json 
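Review bot: The description states two fixed lines, `Thunderbird < 137.0.2 and Thunderbird < 128.9.2`, but the added `version_data` has a single entry, `"version_value": "137.0.2"` with `"version_affected": "<"`. A consumer relying on the structured data alone would treat a patched 128.9.2 install as affected. I would add a second entry for the other branch, `{ "version_affected": "<", "version_name": "unspecified", "version_value": "128.9.2" }`, or otherwise encode the range per branch. The CVE-2025-3522 and CVE-2025-3523 hunks have the same single-entry block.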
@@ -1,17 +1,133 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-32911", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in libsoup, which is vulnerable to a use-after-free memory issue not on the heap in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Free of Memory not on the Heap", + "cweId": "CWE-590" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] 
+ } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-32911", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2025-32911" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359355", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359355" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Currently, no mitigation is available for this vulnerability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/33xxx/CVE-2025-33031.json b/2025/33xxx/CVE-2025-33031.json new file mode 100644 index 00000000000..5c0e66fe86b --- /dev/null +++ b/2025/33xxx/CVE-2025-33031.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-33031", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/33xxx/CVE-2025-33032.json b/2025/33xxx/CVE-2025-33032.json new file mode 100644 index 00000000000..247bae011ec --- /dev/null +++ b/2025/33xxx/CVE-2025-33032.json 
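Review bot: The CVE-2025-32911 description calls this a `use-after-free memory issue not on the heap`, while the added `problemtype` records CWE-590, `Free of Memory not on the Heap`; those are different weakness classes and the description reads as a blend of the two. If CWE-590 is the intended classification, the description should say so directly, e.g. `vulnerable to a free of memory not on the heap in the soup_message_headers_get_content_disposition() function`. Separately, every `version_value` is `not down converted`, so the affected status is only available from `x_cve_json_5_version_data`; consumers of this legacy format need to read that field or the Red Hat advisory in the references.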
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-33032", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/33xxx/CVE-2025-33033.json b/2025/33xxx/CVE-2025-33033.json new file mode 100644 index 00000000000..9f6e0eeed68 --- /dev/null +++ b/2025/33xxx/CVE-2025-33033.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-33033", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/33xxx/CVE-2025-33034.json b/2025/33xxx/CVE-2025-33034.json new file mode 100644 index 00000000000..6c18c00b19d --- /dev/null +++ b/2025/33xxx/CVE-2025-33034.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-33034", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/33xxx/CVE-2025-33035.json b/2025/33xxx/CVE-2025-33035.json new file mode 100644 index 00000000000..bbc98fde5e7 --- /dev/null +++ b/2025/33xxx/CVE-2025-33035.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-33035", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/33xxx/CVE-2025-33036.json b/2025/33xxx/CVE-2025-33036.json new file mode 100644 index 00000000000..2fc292da641 --- /dev/null +++ b/2025/33xxx/CVE-2025-33036.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-33036", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/33xxx/CVE-2025-33037.json b/2025/33xxx/CVE-2025-33037.json new file mode 100644 index 00000000000..2c3ec8c2678 --- /dev/null +++ b/2025/33xxx/CVE-2025-33037.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-33037", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/33xxx/CVE-2025-33038.json b/2025/33xxx/CVE-2025-33038.json new file mode 100644 index 00000000000..78e6535696d --- /dev/null +++ b/2025/33xxx/CVE-2025-33038.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-33038", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/33xxx/CVE-2025-33039.json b/2025/33xxx/CVE-2025-33039.json new file mode 100644 index 00000000000..5b421571a01 --- /dev/null +++ b/2025/33xxx/CVE-2025-33039.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-33039", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/33xxx/CVE-2025-33040.json b/2025/33xxx/CVE-2025-33040.json new file mode 100644 index 00000000000..73f7644f46b --- /dev/null +++ b/2025/33xxx/CVE-2025-33040.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-33040", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/33xxx/CVE-2025-33041.json b/2025/33xxx/CVE-2025-33041.json new file mode 100644 index 00000000000..9a993613e9c --- /dev/null +++ b/2025/33xxx/CVE-2025-33041.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-33041", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/33xxx/CVE-2025-33042.json b/2025/33xxx/CVE-2025-33042.json new file mode 100644 index 00000000000..9c9bb356603 --- /dev/null +++ b/2025/33xxx/CVE-2025-33042.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-33042", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3522.json b/2025/3xxx/CVE-2025-3522.json index 628b9a78f09..acc7e5a2c97 100644 --- a/2025/3xxx/CVE-2025-3522.json +++ b/2025/3xxx/CVE-2025-3522.json 
@@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3522", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2." 
} ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Leak of hashed Window credentials via crafted attachment URL" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "137.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1955372", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1955372" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-26/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-26/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2025-27/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2025-27/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Dario Wei\u00dfer" + } + ] } \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3523.json b/2025/3xxx/CVE-2025-3523.json index 0e9219dae15..e95133e5054 100644 --- a/2025/3xxx/CVE-2025-3523.json +++ b/2025/3xxx/CVE-2025-3523.json 
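Review bot: The `problemtype` text for CVE-2025-3522 reads `Leak of hashed Window credentials via crafted attachment URL`; `Window` should be `Windows`, as in the description (`hashed Windows credential leakage`). No `cweId` is recorded in this block, so the free-text string is the only classification a consumer gets and its spelling matters for search and grouping.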
@@ -1,18 +1,80 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3523",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from untrusted sources. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "User Interface (UI) Misrepresentation of attachment URL"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "137.0.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958385",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958385"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2025-26/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2025-26/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2025-27/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2025-27/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dario Wei\u00dfer"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3650.json b/2025/3xxx/CVE-2025-3650.json
new file mode 100644
index 00000000000..3a07b06c414
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3650.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3650",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
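Review bot: The `problemtype` entry in the CVE-2025-3523 hunk is free text with no CWE identifier, so tooling that groups or filters records by weakness class will not pick this record up. The wording closely follows the title of CWE-451 (User Interface (UI) Misrepresentation of Critical Information); if that is the mapping the assigner intends, I would add `"cweId": "CWE-451"` next to `"value"`. The CVE-2025-3522 hunk above is in the same position, though its text names no CWE, so the mapping there needs the assigner's input. Also, `credits` uses `"lang": "en"` while `description` and `problemtype` use `"eng"`; one form throughout would be easier on parsers.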