From 3709c7674e784b6ed00dae736d8e4831654331d4 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 27 May 2025 19:00:39 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/13xxx/CVE-2024-13966.json | 83 ++++++++++++++++++++++++++++++++--
 2024/55xxx/CVE-2024-55569.json | 2 +-
 2024/56xxx/CVE-2024-56427.json | 2 +-
 2025/26xxx/CVE-2025-26785.json | 2 +-
 2025/2xxx/CVE-2025-2872.json | 8 ++--
 2025/5xxx/CVE-2025-5285.json | 18 ++++++++
 6 files changed, 105 insertions(+), 10 deletions(-)
 create mode 100644 2025/5xxx/CVE-2025-5285.json
diff --git a/2024/13xxx/CVE-2024-13966.json b/2024/13xxx/CVE-2024-13966.json
index 2b4e9a96d95..cb09d521eb0 100644
--- a/2024/13xxx/CVE-2024-13966.json
+++ b/2024/13xxx/CVE-2024-13966.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-13966",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value '123456'. Users should change their passwords (located under the Attendance Settings tab as \"Self-Password\")."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1393 Use of Default Password",
+ "cweId": "CWE-1393"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ZKTeco",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BioTime",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "*",
+ "status": "affected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://krashconsulting.com/fury-of-fingers-biotime-rce/",
+ "refsource": "MISC",
+ "name": "https://krashconsulting.com/fury-of-fingers-biotime-rce/"
+ },
+ {
+ "url": "https://zkteco-store.ru/wp-content/uploads/2023/09/ZKBio-CVSecurity-6.0.0-User-Manual_EN-v1.0_20230616.pdf",
+ "refsource": "MISC",
+ "name": "https://zkteco-store.ru/wp-content/uploads/2023/09/ZKBio-CVSecurity-6.0.0-User-Manual_EN-v1.0_20230616.pdf"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "scope": "UNCHANGED",
+ "version": "3.1",
+ "baseScore": 7.3,
+ "attackVector": "NETWORK",
+ "baseSeverity": "HIGH",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "integrityImpact": "LOW",
+ "userInteraction": "NONE",
+ "attackComplexity": "LOW",
+ "availabilityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "confidentialityImpact": "LOW"
 }
 ]
 }
diff --git a/2024/55xxx/CVE-2024-55569.json b/2024/55xxx/CVE-2024-55569.json
index ec6ac6758fe..d57ee4e5547 100644
--- a/2024/55xxx/CVE-2024-55569.json
+++ b/2024/55xxx/CVE-2024-55569.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes."
+ "value": "An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes."
 }
 ]
 },
diff --git a/2024/56xxx/CVE-2024-56427.json b/2024/56xxx/CVE-2024-56427.json
index 1b95c1e56b2..3895aaedf37 100644
--- a/2024/56xxx/CVE-2024-56427.json
+++ b/2024/56xxx/CVE-2024-56427.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds access via malformed RRC packets to the target."
+ "value": "An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds access via malformed RRC packets to the target."
 }
 ]
 },
diff --git a/2025/26xxx/CVE-2025-26785.json b/2025/26xxx/CVE-2025-26785.json
index 251692d4aa3..e416cdc42a8 100644
--- a/2025/26xxx/CVE-2025-26785.json
+++ b/2025/26xxx/CVE-2025-26785.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes."
+ "value": "An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes."
 }
 ]
 },
diff --git a/2025/2xxx/CVE-2025-2872.json b/2025/2xxx/CVE-2025-2872.json
index 7c0f53f013b..a7c7c50d381 100644
--- a/2025/2xxx/CVE-2025-2872.json
+++ b/2025/2xxx/CVE-2025-2872.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-2872",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-47577. Reason: This candidate is a reservation duplicate of CVE-2025-47577. Notes: All CVE users should reference CVE-2025-47577 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2025/5xxx/CVE-2025-5285.json b/2025/5xxx/CVE-2025-5285.json
new file mode 100644
index 00000000000..3d92a355d46
--- /dev/null
+++ b/2025/5xxx/CVE-2025-5285.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-5285",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file