"-Synchronized-Data."

2024/13xxx/CVE-2024-13966.json

@@ -1,17 +1,94 @@
 {
+    "data_version": "4.0",
     "data_type": "CVE",
     "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2024-13966",
         "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value '123456'. Users should change their passwords (located under the Attendance Settings tab as \"Self-Password\")."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-1393 Use of Default Password",
+                        "cweId": "CWE-1393"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "ZKTeco",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "BioTime",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "not down converted",
+                                            "x_cve_json_5_version_data": {
+                                                "versions": [
+                                                    {
+                                                        "version": "*",
+                                                        "status": "affected"
+                                                    }
+                                                ],
+                                                "defaultStatus": "affected"
+                                            }
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://krashconsulting.com/fury-of-fingers-biotime-rce/",
+                "refsource": "MISC",
+                "name": "https://krashconsulting.com/fury-of-fingers-biotime-rce/"
+            },
+            {
+                "url": "https://zkteco-store.ru/wp-content/uploads/2023/09/ZKBio-CVSecurity-6.0.0-User-Manual_EN-v1.0_20230616.pdf",
+                "refsource": "MISC",
+                "name": "https://zkteco-store.ru/wp-content/uploads/2023/09/ZKBio-CVSecurity-6.0.0-User-Manual_EN-v1.0_20230616.pdf"
+            }
+        ]
+    },
+    "impact": {
+        "cvss": [
+            {
+                "scope": "UNCHANGED",
+                "version": "3.1",
+                "baseScore": 7.3,
+                "attackVector": "NETWORK",
+                "baseSeverity": "HIGH",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+                "integrityImpact": "LOW",
+                "userInteraction": "NONE",
+                "attackComplexity": "LOW",
+                "availabilityImpact": "LOW",
+                "privilegesRequired": "NONE",
+                "confidentialityImpact": "LOW"
             }
         ]
     }

2024/55xxx/CVE-2024-55569.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes."
+                "value": "An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes."
             }
         ]
     },

2024/56xxx/CVE-2024-56427.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds access via malformed RRC packets to the target."
+                "value": "An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds access via malformed RRC packets to the target."
             }
         ]
     },

2025/26xxx/CVE-2025-26785.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes."
+                "value": "An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes."
             }
         ]
     },

2025/2xxx/CVE-2025-2872.json

@@ -1,17 +1,17 @@
 {
+    "data_version": "4.0",
     "data_type": "CVE",
     "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2025-2872",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@wordfence.com",
+        "STATE": "REJECT"
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-47577. Reason: This candidate is a reservation duplicate of CVE-2025-47577. Notes: All CVE users should reference CVE-2025-47577 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
             }
         ]
     }

2025/5xxx/CVE-2025-5285.json

@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2025-5285",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}