From 375c2a82989ac3d44e784171d4eb492791790af5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Jan 2025 17:01:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/10xxx/CVE-2024-10929.json | 83 ++++- 2024/11xxx/CVE-2024-11147.json | 80 ++++- 2024/11xxx/CVE-2024-11166.json | 81 ++++- 2024/11xxx/CVE-2024-11218.json | 135 +++++++- 2024/12xxx/CVE-2024-12043.json | 76 ++++- 2024/12xxx/CVE-2024-12078.json | 75 ++++- 2024/12xxx/CVE-2024-12079.json | 70 +++- 2024/13xxx/CVE-2024-13613.json | 18 ++ 2024/13xxx/CVE-2024-13622.json | 18 ++ 2024/13xxx/CVE-2024-13623.json | 18 ++ 2024/13xxx/CVE-2024-13635.json | 18 ++ 2024/13xxx/CVE-2024-13636.json | 18 ++ 2024/13xxx/CVE-2024-13637.json | 18 ++ 2024/13xxx/CVE-2024-13638.json | 18 ++ 2024/13xxx/CVE-2024-13639.json | 18 ++ 2024/13xxx/CVE-2024-13640.json | 18 ++ 2024/13xxx/CVE-2024-13641.json | 18 ++ 2024/13xxx/CVE-2024-13642.json | 18 ++ 2024/13xxx/CVE-2024-13653.json | 18 ++ 2024/13xxx/CVE-2024-13654.json | 18 ++ 2024/13xxx/CVE-2024-13655.json | 18 ++ 2024/13xxx/CVE-2024-13656.json | 18 ++ 2024/13xxx/CVE-2024-13657.json | 18 ++ 2024/13xxx/CVE-2024-13658.json | 18 ++ 2024/52xxx/CVE-2024-52327.json | 120 ++++++- 2024/52xxx/CVE-2024-52328.json | 67 +++- 2024/52xxx/CVE-2024-52329.json | 86 ++++- 2024/52xxx/CVE-2024-52330.json | 561 ++++++++++++++++++++++++++++++++- 2024/52xxx/CVE-2024-52331.json | 76 ++++- 2025/0xxx/CVE-2025-0632.json | 18 ++ 2025/0xxx/CVE-2025-0636.json | 18 ++ 2025/0xxx/CVE-2025-0650.json | 285 ++++++++++++++++- 2025/0xxx/CVE-2025-0651.json | 18 ++ 2025/0xxx/CVE-2025-0656.json | 18 ++ 2025/0xxx/CVE-2025-0677.json | 18 ++ 2025/0xxx/CVE-2025-0678.json | 18 ++ 2025/0xxx/CVE-2025-0679.json | 18 ++ 2025/0xxx/CVE-2025-0680.json | 18 ++ 2025/0xxx/CVE-2025-0681.json | 18 ++ 2025/20xxx/CVE-2025-20019.json | 18 ++ 2025/23xxx/CVE-2025-23960.json | 85 ++++- 2025/23xxx/CVE-2025-23966.json | 85 ++++- 2025/23xxx/CVE-2025-23992.json | 113 ++++++- 2025/24xxx/CVE-2025-24027.json | 81 ++++- 2025/24xxx/CVE-2025-24030.json | 91 +++++- 2025/24xxx/CVE-2025-24312.json | 18 ++ 2025/24xxx/CVE-2025-24397.json | 54 +++- 2025/24xxx/CVE-2025-24398.json | 54 +++- 2025/24xxx/CVE-2025-24399.json | 67 +++- 2025/24xxx/CVE-2025-24400.json | 54 +++- 2025/24xxx/CVE-2025-24401.json | 54 +++- 2025/24xxx/CVE-2025-24402.json | 54 +++- 2025/24xxx/CVE-2025-24403.json | 54 +++- 2025/24xxx/CVE-2025-24500.json | 18 ++ 2025/24xxx/CVE-2025-24501.json | 18 ++ 2025/24xxx/CVE-2025-24502.json | 18 ++ 2025/24xxx/CVE-2025-24503.json | 18 ++ 2025/24xxx/CVE-2025-24504.json | 18 ++ 2025/24xxx/CVE-2025-24505.json | 18 ++ 2025/24xxx/CVE-2025-24506.json | 18 ++ 2025/24xxx/CVE-2025-24507.json | 18 ++ 2025/24xxx/CVE-2025-24508.json | 18 ++ 2025/24xxx/CVE-2025-24509.json | 18 ++ 2025/24xxx/CVE-2025-24513.json | 18 ++ 2025/24xxx/CVE-2025-24514.json | 18 ++ 2025/24xxx/CVE-2025-24563.json | 18 ++ 2025/24xxx/CVE-2025-24564.json | 18 ++ 2025/24xxx/CVE-2025-24565.json | 18 ++ 2025/24xxx/CVE-2025-24566.json | 18 ++ 2025/24xxx/CVE-2025-24567.json | 18 ++ 2025/24xxx/CVE-2025-24568.json | 18 ++ 2025/24xxx/CVE-2025-24569.json | 18 ++ 2025/24xxx/CVE-2025-24570.json | 18 ++ 2025/24xxx/CVE-2025-24571.json | 18 ++ 2025/24xxx/CVE-2025-24572.json | 18 ++ 2025/24xxx/CVE-2025-24573.json | 18 ++ 2025/24xxx/CVE-2025-24574.json | 18 ++ 2025/24xxx/CVE-2025-24575.json | 18 ++ 2025/24xxx/CVE-2025-24576.json | 18 ++ 2025/24xxx/CVE-2025-24577.json | 18 ++ 2025/24xxx/CVE-2025-24578.json | 18 ++ 2025/24xxx/CVE-2025-24579.json | 18 ++ 2025/24xxx/CVE-2025-24580.json | 18 ++ 2025/24xxx/CVE-2025-24581.json | 18 ++ 2025/24xxx/CVE-2025-24582.json | 18 ++ 2025/24xxx/CVE-2025-24583.json | 18 ++ 2025/24xxx/CVE-2025-24584.json | 18 ++ 2025/24xxx/CVE-2025-24585.json | 18 ++ 2025/24xxx/CVE-2025-24586.json | 18 ++ 2025/24xxx/CVE-2025-24587.json | 18 ++ 2025/24xxx/CVE-2025-24588.json | 18 ++ 2025/24xxx/CVE-2025-24589.json | 18 ++ 2025/24xxx/CVE-2025-24590.json | 18 ++ 2025/24xxx/CVE-2025-24591.json | 18 ++ 2025/24xxx/CVE-2025-24592.json | 18 ++ 2025/24xxx/CVE-2025-24593.json | 18 ++ 2025/24xxx/CVE-2025-24594.json | 18 ++ 2025/24xxx/CVE-2025-24595.json | 18 ++ 2025/24xxx/CVE-2025-24596.json | 18 ++ 2025/24xxx/CVE-2025-24783.json | 18 ++ 100 files changed, 3898 insertions(+), 93 deletions(-) create mode 100644 2024/13xxx/CVE-2024-13613.json create mode 100644 2024/13xxx/CVE-2024-13622.json create mode 100644 2024/13xxx/CVE-2024-13623.json create mode 100644 2024/13xxx/CVE-2024-13635.json create mode 100644 2024/13xxx/CVE-2024-13636.json create mode 100644 2024/13xxx/CVE-2024-13637.json create mode 100644 2024/13xxx/CVE-2024-13638.json create mode 100644 2024/13xxx/CVE-2024-13639.json create mode 100644 2024/13xxx/CVE-2024-13640.json create mode 100644 2024/13xxx/CVE-2024-13641.json create mode 100644 2024/13xxx/CVE-2024-13642.json create mode 100644 2024/13xxx/CVE-2024-13653.json create mode 100644 2024/13xxx/CVE-2024-13654.json create mode 100644 2024/13xxx/CVE-2024-13655.json create mode 100644 2024/13xxx/CVE-2024-13656.json create mode 100644 2024/13xxx/CVE-2024-13657.json create mode 100644 2024/13xxx/CVE-2024-13658.json create mode 100644 2025/0xxx/CVE-2025-0632.json create mode 100644 2025/0xxx/CVE-2025-0636.json create mode 100644 2025/0xxx/CVE-2025-0651.json create mode 100644 2025/0xxx/CVE-2025-0656.json create mode 100644 2025/0xxx/CVE-2025-0677.json create mode 100644 2025/0xxx/CVE-2025-0678.json create mode 100644 2025/0xxx/CVE-2025-0679.json create mode 100644 2025/0xxx/CVE-2025-0680.json create mode 100644 2025/0xxx/CVE-2025-0681.json create mode 100644 2025/20xxx/CVE-2025-20019.json create mode 100644 2025/24xxx/CVE-2025-24312.json create mode 100644 2025/24xxx/CVE-2025-24500.json create mode 100644 2025/24xxx/CVE-2025-24501.json create mode 100644 2025/24xxx/CVE-2025-24502.json create mode 100644 2025/24xxx/CVE-2025-24503.json create mode 100644 2025/24xxx/CVE-2025-24504.json create mode 100644 2025/24xxx/CVE-2025-24505.json create mode 100644 2025/24xxx/CVE-2025-24506.json create mode 100644 2025/24xxx/CVE-2025-24507.json create mode 100644 2025/24xxx/CVE-2025-24508.json create mode 100644 2025/24xxx/CVE-2025-24509.json create mode 100644 2025/24xxx/CVE-2025-24513.json create mode 100644 2025/24xxx/CVE-2025-24514.json create mode 100644 2025/24xxx/CVE-2025-24563.json create mode 100644 2025/24xxx/CVE-2025-24564.json create mode 100644 2025/24xxx/CVE-2025-24565.json create mode 100644 2025/24xxx/CVE-2025-24566.json create mode 100644 2025/24xxx/CVE-2025-24567.json create mode 100644 2025/24xxx/CVE-2025-24568.json create mode 100644 2025/24xxx/CVE-2025-24569.json create mode 100644 2025/24xxx/CVE-2025-24570.json create mode 100644 2025/24xxx/CVE-2025-24571.json create mode 100644 2025/24xxx/CVE-2025-24572.json create mode 100644 2025/24xxx/CVE-2025-24573.json create mode 100644 2025/24xxx/CVE-2025-24574.json create mode 100644 2025/24xxx/CVE-2025-24575.json create mode 100644 2025/24xxx/CVE-2025-24576.json create mode 100644 2025/24xxx/CVE-2025-24577.json create mode 100644 2025/24xxx/CVE-2025-24578.json create mode 100644 2025/24xxx/CVE-2025-24579.json create mode 100644 2025/24xxx/CVE-2025-24580.json create mode 100644 2025/24xxx/CVE-2025-24581.json create mode 100644 2025/24xxx/CVE-2025-24582.json create mode 100644 2025/24xxx/CVE-2025-24583.json create mode 100644 2025/24xxx/CVE-2025-24584.json create mode 100644 2025/24xxx/CVE-2025-24585.json create mode 100644 2025/24xxx/CVE-2025-24586.json create mode 100644 2025/24xxx/CVE-2025-24587.json create mode 100644 2025/24xxx/CVE-2025-24588.json create mode 100644 2025/24xxx/CVE-2025-24589.json create mode 100644 2025/24xxx/CVE-2025-24590.json create mode 100644 2025/24xxx/CVE-2025-24591.json create mode 100644 2025/24xxx/CVE-2025-24592.json create mode 100644 2025/24xxx/CVE-2025-24593.json create mode 100644 2025/24xxx/CVE-2025-24594.json create mode 100644 2025/24xxx/CVE-2025-24595.json create mode 100644 2025/24xxx/CVE-2025-24596.json create mode 100644 2025/24xxx/CVE-2025-24783.json diff --git a/2024/10xxx/CVE-2024-10929.json b/2024/10xxx/CVE-2024-10929.json index cccc83ef48e..7001df16c0b 100644 --- a/2024/10xxx/CVE-2024-10929.json +++ b/2024/10xxx/CVE-2024-10929.json @@ -1,18 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10929", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "arm-security@arm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In certain circumstances, an issue in Arm Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1423 Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution", + "cweId": "CWE-1423" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Arm", + "product": { + "product_data": [ + { + "product_name": "Cortex-A72", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "r1p0" + } + ] + } + }, + { + "product_name": "Cortex-A73", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Cortex-A75", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.arm.com/Arm%20Security%20Center/Spectre-BSE", + "refsource": "MISC", + "name": "https://developer.arm.com/Arm%20Security%20Center/Spectre-BSE" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11147.json b/2024/11xxx/CVE-2024-11147.json index 0c255c8661d..71f08fc32ef 100644 --- a/2024/11xxx/CVE-2024-11147.json +++ b/2024/11xxx/CVE-2024-11147.json @@ -1,17 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11147", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ECOVACS", + "product": { + "product_data": [ + { + "product_name": "Unspecified robots", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "*" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf" + }, + { + "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" + }, + { + "url": "https://builder.dontvacuum.me/ecopassword.php", + "refsource": "MISC", + "name": "https://builder.dontvacuum.me/ecopassword.php" + } + ] + }, + "impact": { + "cvss": [ + { + "scope": "CHANGED", + "version": "3.1", + "baseScore": 7.6, + "attackVector": "PHYSICAL", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" } ] } diff --git a/2024/11xxx/CVE-2024-11166.json b/2024/11xxx/CVE-2024-11166.json index 7c7d0f373f9..9e49831e4f5 100644 --- a/2024/11xxx/CVE-2024-11166.json +++ b/2024/11xxx/CVE-2024-11166.json @@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11166", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-15 External Control of System or Configuration Setting", + "cweId": "CWE-15" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Traffic Alert and Collision Avoidance System (TCAS) II", + "product": { + "product_data": [ + { + "product_name": "Collision Avoidance Systems", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

After consulting with the Federal Aviation Administration (FAA) and the researchers regarding these vulnerabilities, it has been concluded that CVE-2024-11166 can be fully mitigated by upgrading to ACAS X or by upgrading the associated transponder to comply with RTCA DO-181F.

Currently, there is no mitigation available for CWE-2024-9310.

These vulnerabilities in the TCAS II standard are exploitable in a lab environment. However, they require very specific conditions to be met and are unlikely to be exploited outside of a lab setting.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. These vulnerabilities have a high attack complexity.

\n\n
" + } + ], + "value": "After consulting with the Federal Aviation Administration (FAA) and the researchers regarding these vulnerabilities, it has been concluded that CVE-2024-11166 can be fully mitigated by upgrading to ACAS X or by upgrading the associated transponder to comply with RTCA DO-181F.\n\nCurrently, there is no mitigation available for CWE-2024-9310.\n\nThese vulnerabilities in the TCAS II standard are exploitable in a lab environment. However, they require very specific conditions to be met and are unlikely to be exploited outside of a lab setting.\n\nOrganizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. These vulnerabilities have a high attack complexity." + } + ], + "credits": [ + { + "lang": "en", + "value": "Giacomo Longo and Enrico Russo of Genova University reported these vulnerabilities to CISA. Martin Strohmeier and Vincent Lenders of armasuisse reported these vulnerabilities to CISA. Alessio Merlo of Centre for High Defense Studies reported these vulnerabilities to CISA." + } + ] } \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11218.json b/2024/11xxx/CVE-2024-11218.json index c3d98f82e9f..3c3d27291fd 100644 --- a/2024/11xxx/CVE-2024-11218.json +++ b/2024/11xxx/CVE-2024-11218.json @@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11218", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat OpenShift Container Platform 4", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-11218", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2024-11218" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326231", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2326231" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Mandatory access controls should limit the access of the process performing the build, on systems where they are enabled.\n\nSELinux enforces strict access controls by confining the build process (e.g., Podman) to specific domains like container_t. This prevents unauthorized access to sensitive host files and directories, even if a malicious Containerfile tries to exploit the --mount flag." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/12xxx/CVE-2024-12043.json b/2024/12xxx/CVE-2024-12043.json index afe15f998f4..9efff36e393 100644 --- a/2024/12xxx/CVE-2024-12043.json +++ b/2024/12xxx/CVE-2024-12043.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12043", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'social_link_title' parameter of the 'blog' widget in all versions up to, and including, 3.16.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bdthemes", + "product": { + "product_data": [ + { + "product_name": "Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/23e1fffa-9170-4bc2-ad7e-27708a08033b?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/23e1fffa-9170-4bc2-ad7e-27708a08033b?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3222179%40bdthemes-prime-slider-lite&new=3222179%40bdthemes-prime-slider-lite&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3222179%40bdthemes-prime-slider-lite&new=3222179%40bdthemes-prime-slider-lite&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "D.Sim" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/12xxx/CVE-2024-12078.json b/2024/12xxx/CVE-2024-12078.json index c1b67774d99..8f8bb5bd0b3 100644 --- a/2024/12xxx/CVE-2024-12078.json +++ b/2024/12xxx/CVE-2024-12078.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12078", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-321 Use of Hard-coded Cryptographic Key", + "cweId": "CWE-321" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ECOVACS", + "product": { + "product_data": [ + { + "product_name": "Unspecified robots", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "*" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" + }, + { + "url": "https://youtu.be/_wUsM0Mlenc?t=2041", + "refsource": "MISC", + "name": "https://youtu.be/_wUsM0Mlenc?t=2041" + } + ] + }, + "impact": { + "cvss": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.3, + "attackVector": "ADJACENT_NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" } ] } diff --git a/2024/12xxx/CVE-2024-12079.json b/2024/12xxx/CVE-2024-12079.json index 76169b5853c..aca96052597 100644 --- a/2024/12xxx/CVE-2024-12079.json +++ b/2024/12xxx/CVE-2024-12079.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12079", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312 Cleartext Storage of Sensitive Information", + "cweId": "CWE-312" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ECOVACS", + "product": { + "product_data": [ + { + "product_name": "Unspecified robots", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "*" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 3.3, + "attackVector": "LOCAL", + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "LOW", + "confidentialityImpact": "LOW" } ] } diff --git a/2024/13xxx/CVE-2024-13613.json b/2024/13xxx/CVE-2024-13613.json new file mode 100644 index 00000000000..ce73f83e504 --- /dev/null +++ b/2024/13xxx/CVE-2024-13613.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13613", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13622.json b/2024/13xxx/CVE-2024-13622.json new file mode 100644 index 00000000000..27fb6a192d3 --- /dev/null +++ b/2024/13xxx/CVE-2024-13622.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13622", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13623.json b/2024/13xxx/CVE-2024-13623.json new file mode 100644 index 00000000000..6268cd93ef8 --- /dev/null +++ b/2024/13xxx/CVE-2024-13623.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13623", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13635.json b/2024/13xxx/CVE-2024-13635.json new file mode 100644 index 00000000000..0be428f1b46 --- /dev/null +++ b/2024/13xxx/CVE-2024-13635.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13635", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13636.json b/2024/13xxx/CVE-2024-13636.json new file mode 100644 index 00000000000..ba17b29f34a --- /dev/null +++ b/2024/13xxx/CVE-2024-13636.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13636", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13637.json b/2024/13xxx/CVE-2024-13637.json new file mode 100644 index 00000000000..ab3126b9f72 --- /dev/null +++ b/2024/13xxx/CVE-2024-13637.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13637", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13638.json b/2024/13xxx/CVE-2024-13638.json new file mode 100644 index 00000000000..f633eed2f33 --- /dev/null +++ b/2024/13xxx/CVE-2024-13638.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13638", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13639.json b/2024/13xxx/CVE-2024-13639.json new file mode 100644 index 00000000000..54a202deafe --- /dev/null +++ b/2024/13xxx/CVE-2024-13639.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13639", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13640.json b/2024/13xxx/CVE-2024-13640.json new file mode 100644 index 00000000000..9a68de44b74 --- /dev/null +++ b/2024/13xxx/CVE-2024-13640.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13640", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13641.json b/2024/13xxx/CVE-2024-13641.json new file mode 100644 index 00000000000..b494268994b --- /dev/null +++ b/2024/13xxx/CVE-2024-13641.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13641", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13642.json b/2024/13xxx/CVE-2024-13642.json new file mode 100644 index 00000000000..cd66d58bdd8 --- /dev/null +++ b/2024/13xxx/CVE-2024-13642.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13642", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13653.json b/2024/13xxx/CVE-2024-13653.json new file mode 100644 index 00000000000..950e4907a2b --- /dev/null +++ b/2024/13xxx/CVE-2024-13653.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13653", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13654.json b/2024/13xxx/CVE-2024-13654.json new file mode 100644 index 00000000000..64d7b5654e3 --- /dev/null +++ b/2024/13xxx/CVE-2024-13654.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13654", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13655.json b/2024/13xxx/CVE-2024-13655.json new file mode 100644 index 00000000000..a17d090ca6f --- /dev/null +++ b/2024/13xxx/CVE-2024-13655.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13655", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13656.json b/2024/13xxx/CVE-2024-13656.json new file mode 100644 index 00000000000..51fed234e39 --- /dev/null +++ b/2024/13xxx/CVE-2024-13656.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13656", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13657.json b/2024/13xxx/CVE-2024-13657.json new file mode 100644 index 00000000000..476dc51f01a --- /dev/null +++ b/2024/13xxx/CVE-2024-13657.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13657", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13658.json b/2024/13xxx/CVE-2024-13658.json new file mode 100644 index 00000000000..68f71a9ae71 --- /dev/null +++ b/2024/13xxx/CVE-2024-13658.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13658", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/52xxx/CVE-2024-52327.json b/2024/52xxx/CVE-2024-52327.json index afaa729cec0..d267112b781 100644 --- a/2024/52xxx/CVE-2024-52327.json +++ b/2024/52xxx/CVE-2024-52327.json @@ -1,17 +1,131 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52327", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-603 Use of Client-Side Authentication", + "cweId": "CWE-603" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-807 Reliance on Untrusted Inputs in a Security Decision", + "cweId": "CWE-807" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ECOVACS", + "product": { + "product_data": [ + { + "product_name": "ECOVACS HOME", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "3.0.2", + "versionType": "custom" + }, + { + "version": "3.0.2", + "status": "unaffected" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "cloud service", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "2024-12-17", + "versionType": "custom" + }, + { + "version": "2024-12-17", + "status": "unaffected" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf" + }, + { + "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" + }, + { + "url": "https://www.ecovacs.com/global/userhelp/dsa20241217002", + "refsource": "MISC", + "name": "https://www.ecovacs.com/global/userhelp/dsa20241217002" + } + ] + }, + "impact": { + "cvss": [ + { + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ] } diff --git a/2024/52xxx/CVE-2024-52328.json b/2024/52xxx/CVE-2024-52328.json index f26a9acb9df..f46b43fd4f6 100644 --- a/2024/52xxx/CVE-2024-52328.json +++ b/2024/52xxx/CVE-2024-52328.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52328", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732 Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ECOVACS", + "product": { + "product_data": [ + { + "product_name": "Unspecified robots", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "*" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf" + }, + { + "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "baseScore": 2.3, + "baseSeverity": "LOW", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" } ] } diff --git a/2024/52xxx/CVE-2024-52329.json b/2024/52xxx/CVE-2024-52329.json index e40f9e26877..1bb1c91054e 100644 --- a/2024/52xxx/CVE-2024-52329.json +++ b/2024/52xxx/CVE-2024-52329.json @@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52329", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295 Improper Certificate Validation", + "cweId": "CWE-295" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ECOVACS", + "product": { + "product_data": [ + { + "product_name": "ECOVACS HOME", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.0.0", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "3.0.0", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf" + }, + { + "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" + }, + { + "url": "https://www.ecovacs.com/global/userhelp/dsa20241217001", + "refsource": "MISC", + "name": "https://www.ecovacs.com/global/userhelp/dsa20241217001" + } + ] + }, + "impact": { + "cvss": [ + { + "baseScore": 7.4, + "baseSeverity": "HIGH", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ] } diff --git a/2024/52xxx/CVE-2024-52330.json b/2024/52xxx/CVE-2024-52330.json index 4e4df7cbc56..fd77e6d7133 100644 --- a/2024/52xxx/CVE-2024-52330.json +++ b/2024/52xxx/CVE-2024-52330.json @@ -1,17 +1,572 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52330", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295 Improper Certificate Validation", + "cweId": "CWE-295" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ECOVACS", + "product": { + "product_data": [ + { + "product_name": "DEEBOT X5 PRO PLUS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.38.0", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "1.38.0", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X5 PRO", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.70.0", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "1.70.0", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X2S", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "1.49.0", + "versionType": "custom" + }, + { + "version": "1.49.0", + "status": "unaffected" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X2 OMNI", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.76.6", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "1.76.6", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X1 TURBO", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "2.4.41", + "versionType": "custom" + }, + { + "version": "2.4.41", + "status": "unaffected" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X1", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.7.3", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "1.7.3", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X1S PRO", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.5.31", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "2.5.31", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X1e OMNI", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.4.42", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "2.4.42", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT T10 PLUS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.7.5", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "1.7.5", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT T10 OMNI", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "1.9.0", + "versionType": "custom" + }, + { + "version": "1.9.0", + "status": "unaffected" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X5 PRO ULTRA", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "1.17.0", + "versionType": "custom" + }, + { + "version": "1.17.0", + "status": "unaffected" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Mate X", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.44.18", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "1.44.18", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X2 PRO", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.76.6", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "1.76.6", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X2 COMBO", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "1.81.10", + "versionType": "custom" + }, + { + "version": "1.81.10", + "status": "unaffected" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X1 OMNI", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "2.4.41", + "versionType": "custom" + }, + { + "version": "2.4.41", + "status": "unaffected" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X1 PRO OMNI", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.4.41", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "2.4.41", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X1 PLUS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.7.3", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "1.7.3", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT X1S PRO PLUS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.23.0", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "1.23.0", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT T10 TURBO", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.10.0", + "status": "unaffected" + }, + { + "version": "0", + "status": "affected", + "lessThan": "1.10.0", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "DEEBOT T10", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "1.7.5", + "versionType": "custom" + }, + { + "version": "1.7.5", + "status": "unaffected" + } + ], + "defaultStatus": "unknown" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf" + }, + { + "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" + }, + { + "url": "https://www.ecovacs.com/global/userhelp/dsa20241217001", + "refsource": "MISC", + "name": "https://www.ecovacs.com/global/userhelp/dsa20241217001" + } + ] + }, + "impact": { + "cvss": [ + { + "baseScore": 7.4, + "baseSeverity": "HIGH", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ] } diff --git a/2024/52xxx/CVE-2024-52331.json b/2024/52xxx/CVE-2024-52331.json index 0dee5f569ea..e30e6c21da9 100644 --- a/2024/52xxx/CVE-2024-52331.json +++ b/2024/52xxx/CVE-2024-52331.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52331", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-494 Download of Code Without Integrity Check", + "cweId": "CWE-494" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-1391 Use of Weak Credentials", + "cweId": "CWE-1391" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ECOVACS", + "product": { + "product_data": [ + { + "product_name": "Unspecified robots", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "*" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.html", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.html" + }, + { + "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf", + "refsource": "MISC", + "name": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "baseScore": 7.5, + "baseSeverity": "HIGH", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ] } diff --git a/2025/0xxx/CVE-2025-0632.json b/2025/0xxx/CVE-2025-0632.json new file mode 100644 index 00000000000..1216a7fc3f1 --- /dev/null +++ b/2025/0xxx/CVE-2025-0632.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0632", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0636.json b/2025/0xxx/CVE-2025-0636.json new file mode 100644 index 00000000000..b25e882b42a --- /dev/null +++ b/2025/0xxx/CVE-2025-0636.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0636", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0650.json b/2025/0xxx/CVE-2025-0650.json index e9ccc0274f1..d586f62df78 100644 --- a/2025/0xxx/CVE-2025-0650.json +++ b/2025/0xxx/CVE-2025-0650.json @@ -1,17 +1,294 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0650", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Fast Datapath for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Fast Datapath for RHEL 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Fast Datapath for RHEL 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat OpenShift Container Platform 4", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-0650", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2025-0650" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339537", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2339537" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2025/01/22/5", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2025/01/22/5" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0651.json b/2025/0xxx/CVE-2025-0651.json new file mode 100644 index 00000000000..da03502e915 --- /dev/null +++ b/2025/0xxx/CVE-2025-0651.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0651", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0656.json b/2025/0xxx/CVE-2025-0656.json new file mode 100644 index 00000000000..15fcb83fad1 --- /dev/null +++ b/2025/0xxx/CVE-2025-0656.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0656", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0677.json b/2025/0xxx/CVE-2025-0677.json new file mode 100644 index 00000000000..ce8a8b6a730 --- /dev/null +++ b/2025/0xxx/CVE-2025-0677.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0677", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0678.json b/2025/0xxx/CVE-2025-0678.json new file mode 100644 index 00000000000..898e0f3066c --- /dev/null +++ b/2025/0xxx/CVE-2025-0678.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0678", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0679.json b/2025/0xxx/CVE-2025-0679.json new file mode 100644 index 00000000000..fe758d8e284 --- /dev/null +++ b/2025/0xxx/CVE-2025-0679.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0679", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0680.json b/2025/0xxx/CVE-2025-0680.json new file mode 100644 index 00000000000..08c3a16e591 --- /dev/null +++ b/2025/0xxx/CVE-2025-0680.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0680", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0681.json b/2025/0xxx/CVE-2025-0681.json new file mode 100644 index 00000000000..048e1225bfa --- /dev/null +++ b/2025/0xxx/CVE-2025-0681.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0681", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/20xxx/CVE-2025-20019.json b/2025/20xxx/CVE-2025-20019.json new file mode 100644 index 00000000000..a30b67cffeb --- /dev/null +++ b/2025/20xxx/CVE-2025-20019.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-20019", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23960.json b/2025/23xxx/CVE-2025-23960.json index 1c948ffcb06..b70d672a5a9 100644 --- a/2025/23xxx/CVE-2025-23960.json +++ b/2025/23xxx/CVE-2025-23960.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23960", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in basteln3rk Save & Import Image from URL allows Reflected XSS. This issue affects Save & Import Image from URL: from n/a through 0.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "basteln3rk", + "product": { + "product_data": [ + { + "product_name": "Save & Import Image from URL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "0.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/save-import-image-from-url/vulnerability/wordpress-save-import-image-from-url-plugin-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/save-import-image-from-url/vulnerability/wordpress-save-import-image-from-url-plugin-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/23xxx/CVE-2025-23966.json b/2025/23xxx/CVE-2025-23966.json index 1fdbe80b2e1..6450c51e324 100644 --- a/2025/23xxx/CVE-2025-23966.json +++ b/2025/23xxx/CVE-2025-23966.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23966", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlaFalaki a Gateway for Pasargad Bank on WooCommerce allows Reflected XSS. This issue affects a Gateway for Pasargad Bank on WooCommerce: from n/a through 2.5.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AlaFalaki", + "product": { + "product_data": [ + { + "product_name": "a Gateway for Pasargad Bank on WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.5.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/a-gateway-for-pasargad-bank-on-woocommerce/vulnerability/wordpress-a-gateway-for-pasargad-bank-on-woocommerce-plugin-2-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/a-gateway-for-pasargad-bank-on-woocommerce/vulnerability/wordpress-a-gateway-for-pasargad-bank-on-woocommerce-plugin-2-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/23xxx/CVE-2025-23992.json b/2025/23xxx/CVE-2025-23992.json index 88543c7ecd6..09f9c848058 100644 --- a/2025/23xxx/CVE-2025-23992.json +++ b/2025/23xxx/CVE-2025-23992.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-23992", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leetoo Toocheke Companion allows Stored XSS. This issue affects Toocheke Companion: from n/a through 1.166." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Leetoo", + "product": { + "product_data": [ + { + "product_name": "Toocheke Companion", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.166", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.167", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/toocheke-companion/vulnerability/wordpress-toocheke-companion-plugin-1-166-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/toocheke-companion/vulnerability/wordpress-toocheke-companion-plugin-1-166-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Toocheke Companion wordpress plugin to the latest available version (at least 1.167)." + } + ], + "value": "Update the WordPress Toocheke Companion wordpress plugin to the latest available version (at least 1.167)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Pham Van Tam (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 5.9, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/24xxx/CVE-2025-24027.json b/2025/24xxx/CVE-2025-24027.json index 65bc8e64a7c..46cab30e9bf 100644 --- a/2025/24xxx/CVE-2025-24027.json +++ b/2025/24xxx/CVE-2025-24027.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24027", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example, if the shop has a third party module vulnerable to SQL injections, then ps_contactinfo might execute a stored cross-site scripting in formatting objects. Commit d60f9a5634b4fc2d3a8831fb08fe2e1f23cbfa39 keeps formatted addresses from displaying a XSS stored in the database, and the fix is expected to be available in version 3.3.3. No workarounds are available aside from applying the fix and keeping all modules maintained and update." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PrestaShop", + "product": { + "product_data": [ + { + "product_name": "ps_contactinfo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 3.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/PrestaShop/ps_contactinfo/security/advisories/GHSA-35pq-7pv2-2rfw", + "refsource": "MISC", + "name": "https://github.com/PrestaShop/ps_contactinfo/security/advisories/GHSA-35pq-7pv2-2rfw" + }, + { + "url": "https://github.com/PrestaShop/ps_contactinfo/commit/d60f9a5634b4fc2d3a8831fb08fe2e1f23cbfa39", + "refsource": "MISC", + "name": "https://github.com/PrestaShop/ps_contactinfo/commit/d60f9a5634b4fc2d3a8831fb08fe2e1f23cbfa39" + } + ] + }, + "source": { + "advisory": "GHSA-35pq-7pv2-2rfw", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:H", + "version": "3.1" } ] } diff --git a/2025/24xxx/CVE-2025-24030.json b/2025/24xxx/CVE-2025-24030.json index 02c872e3c99..09737886cb2 100644 --- a/2025/24xxx/CVE-2025-24030.json +++ b/2025/24xxx/CVE-2025-24030.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24030", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). Version 1.2.6 fixes the issue. As a workaround, the `EnvoyProxy` API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-419: Unprotected Primary Channel", + "cweId": "CWE-419" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "envoyproxy", + "product": { + "product_data": [ + { + "product_name": "gateway", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/envoyproxy/gateway/security/advisories/GHSA-j777-63hf-hx76", + "refsource": "MISC", + "name": "https://github.com/envoyproxy/gateway/security/advisories/GHSA-j777-63hf-hx76" + }, + { + "url": "https://github.com/envoyproxy/gateway/commit/3eb3301ab3dbf12b201b47bdb6074d1233be07bd", + "refsource": "MISC", + "name": "https://github.com/envoyproxy/gateway/commit/3eb3301ab3dbf12b201b47bdb6074d1233be07bd" + }, + { + "url": "https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge", + "refsource": "MISC", + "name": "https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge" + }, + { + "url": "https://www.envoyproxy.io/docs/envoy/latest/operations/admin", + "refsource": "MISC", + "name": "https://www.envoyproxy.io/docs/envoy/latest/operations/admin" + } + ] + }, + "source": { + "advisory": "GHSA-j777-63hf-hx76", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "version": "3.1" } ] } diff --git a/2025/24xxx/CVE-2025-24312.json b/2025/24xxx/CVE-2025-24312.json new file mode 100644 index 00000000000..bec2bcd02a6 --- /dev/null +++ b/2025/24xxx/CVE-2025-24312.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24312", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24397.json b/2025/24xxx/CVE-2025-24397.json index 7b69ff747e0..46b8fd49e3b 100644 --- a/2025/24xxx/CVE-2025-24397.json +++ b/2025/24xxx/CVE-2025-24397.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credential IDs of GitLab API token and Secret text credentials stored in Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins Project", + "product": { + "product_data": [ + { + "product_name": "Jenkins GitLab Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.9.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3260", + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3260" } ] } diff --git a/2025/24xxx/CVE-2025-24398.json b/2025/24xxx/CVE-2025-24398.json index 94e52e3e14e..7a63198bc39 100644 --- a/2025/24xxx/CVE-2025-24398.json +++ b/2025/24xxx/CVE-2025-24398.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins Project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Bitbucket Server Integration Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.1.0", + "version_value": "4.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3434", + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3434" } ] } diff --git a/2025/24xxx/CVE-2025-24399.json b/2025/24xxx/CVE-2025-24399.json index 79a6c2fa528..8c3d9763328 100644 --- a/2025/24xxx/CVE-2025-24399.json +++ b/2025/24xxx/CVE-2025-24399.json @@ -1,17 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24399", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that differs only in letter case, potentially gaining administrator access to Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins Project", + "product": { + "product_data": [ + { + "product_name": "Jenkins OpenId Connect Authentication Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.453.v4d7765c854f4", + "versionType": "maven", + "lessThan": "*", + "status": "unaffected" + }, + { + "version": "4.438.440.v3f5f201de5dc", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3461", + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3461" } ] } diff --git a/2025/24xxx/CVE-2025-24400.json b/2025/24xxx/CVE-2025-24400.json index f665574ef69..5da112a0403 100644 --- a/2025/24xxx/CVE-2025-24400.json +++ b/2025/24xxx/CVE-2025-24400.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24400", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with the legitimate credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins Project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Eiffel Broadcaster Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.8.0", + "version_value": "2.10.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3485", + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3485" } ] } diff --git a/2025/24xxx/CVE-2025-24401.json b/2025/24xxx/CVE-2025-24401.json index 4f662b63e6a..5883f7a5a75 100644 --- a/2025/24xxx/CVE-2025-24401.json +++ b/2025/24xxx/CVE-2025-24401.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they're no longer entitled to." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins Project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Folder-based Authorization Strategy Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "217.vd5b_18537403e" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3062", + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3062" } ] } diff --git a/2025/24xxx/CVE-2025-24402.json b/2025/24xxx/CVE-2025-24402.json index 080779d6b6c..33f420d27da 100644 --- a/2025/24xxx/CVE-2025-24402.json +++ b/2025/24xxx/CVE-2025-24402.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24402", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs obtained through another method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins Project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Azure Service Fabric Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3094", + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3094" } ] } diff --git a/2025/24xxx/CVE-2025-24403.json b/2025/24xxx/CVE-2025-24403.json index 6219e35ba55..bb652e3987c 100644 --- a/2025/24xxx/CVE-2025-24403.json +++ b/2025/24xxx/CVE-2025-24403.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24403", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins Project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Azure Service Fabric Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3094", + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3094" } ] } diff --git a/2025/24xxx/CVE-2025-24500.json b/2025/24xxx/CVE-2025-24500.json new file mode 100644 index 00000000000..2cf82aaf4dc --- /dev/null +++ b/2025/24xxx/CVE-2025-24500.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24500", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24501.json b/2025/24xxx/CVE-2025-24501.json new file mode 100644 index 00000000000..c596f138c71 --- /dev/null +++ b/2025/24xxx/CVE-2025-24501.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24501", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24502.json b/2025/24xxx/CVE-2025-24502.json new file mode 100644 index 00000000000..cbc70960c8a --- /dev/null +++ b/2025/24xxx/CVE-2025-24502.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24502", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24503.json b/2025/24xxx/CVE-2025-24503.json new file mode 100644 index 00000000000..d31d0208181 --- /dev/null +++ b/2025/24xxx/CVE-2025-24503.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24503", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24504.json b/2025/24xxx/CVE-2025-24504.json new file mode 100644 index 00000000000..04fafaac7c1 --- /dev/null +++ b/2025/24xxx/CVE-2025-24504.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24504", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24505.json b/2025/24xxx/CVE-2025-24505.json new file mode 100644 index 00000000000..a6635ddb5bc --- /dev/null +++ b/2025/24xxx/CVE-2025-24505.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24505", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24506.json b/2025/24xxx/CVE-2025-24506.json new file mode 100644 index 00000000000..9676781f436 --- /dev/null +++ b/2025/24xxx/CVE-2025-24506.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24506", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24507.json b/2025/24xxx/CVE-2025-24507.json new file mode 100644 index 00000000000..38f170eca77 --- /dev/null +++ b/2025/24xxx/CVE-2025-24507.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24507", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24508.json b/2025/24xxx/CVE-2025-24508.json new file mode 100644 index 00000000000..61ad86a44a3 --- /dev/null +++ b/2025/24xxx/CVE-2025-24508.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24508", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24509.json b/2025/24xxx/CVE-2025-24509.json new file mode 100644 index 00000000000..a0f15f1ca90 --- /dev/null +++ b/2025/24xxx/CVE-2025-24509.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24509", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24513.json b/2025/24xxx/CVE-2025-24513.json new file mode 100644 index 00000000000..7e327a6fe27 --- /dev/null +++ b/2025/24xxx/CVE-2025-24513.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24513", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24514.json b/2025/24xxx/CVE-2025-24514.json new file mode 100644 index 00000000000..8801d10a604 --- /dev/null +++ b/2025/24xxx/CVE-2025-24514.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24514", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24563.json b/2025/24xxx/CVE-2025-24563.json new file mode 100644 index 00000000000..5fa72c1c237 --- /dev/null +++ b/2025/24xxx/CVE-2025-24563.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24563", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24564.json b/2025/24xxx/CVE-2025-24564.json new file mode 100644 index 00000000000..03a214838a1 --- /dev/null +++ b/2025/24xxx/CVE-2025-24564.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24564", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24565.json b/2025/24xxx/CVE-2025-24565.json new file mode 100644 index 00000000000..e744b89c253 --- /dev/null +++ b/2025/24xxx/CVE-2025-24565.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24565", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24566.json b/2025/24xxx/CVE-2025-24566.json new file mode 100644 index 00000000000..4976ea1fd79 --- /dev/null +++ b/2025/24xxx/CVE-2025-24566.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24566", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24567.json b/2025/24xxx/CVE-2025-24567.json new file mode 100644 index 00000000000..cb8f13c0308 --- /dev/null +++ b/2025/24xxx/CVE-2025-24567.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24567", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24568.json b/2025/24xxx/CVE-2025-24568.json new file mode 100644 index 00000000000..2811adfccb8 --- /dev/null +++ b/2025/24xxx/CVE-2025-24568.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24568", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24569.json b/2025/24xxx/CVE-2025-24569.json new file mode 100644 index 00000000000..8a206a4646d --- /dev/null +++ b/2025/24xxx/CVE-2025-24569.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24569", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24570.json b/2025/24xxx/CVE-2025-24570.json new file mode 100644 index 00000000000..e6bad3a2c8b --- /dev/null +++ b/2025/24xxx/CVE-2025-24570.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24570", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24571.json b/2025/24xxx/CVE-2025-24571.json new file mode 100644 index 00000000000..040205b49ea --- /dev/null +++ b/2025/24xxx/CVE-2025-24571.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24571", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24572.json b/2025/24xxx/CVE-2025-24572.json new file mode 100644 index 00000000000..c357535ebba --- /dev/null +++ b/2025/24xxx/CVE-2025-24572.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24572", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24573.json b/2025/24xxx/CVE-2025-24573.json new file mode 100644 index 00000000000..b5721d44486 --- /dev/null +++ b/2025/24xxx/CVE-2025-24573.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24573", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24574.json b/2025/24xxx/CVE-2025-24574.json new file mode 100644 index 00000000000..fc66946881d --- /dev/null +++ b/2025/24xxx/CVE-2025-24574.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24574", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24575.json b/2025/24xxx/CVE-2025-24575.json new file mode 100644 index 00000000000..49f2e3fd1b9 --- /dev/null +++ b/2025/24xxx/CVE-2025-24575.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24575", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24576.json b/2025/24xxx/CVE-2025-24576.json new file mode 100644 index 00000000000..61a32013d4e --- /dev/null +++ b/2025/24xxx/CVE-2025-24576.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24576", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24577.json b/2025/24xxx/CVE-2025-24577.json new file mode 100644 index 00000000000..80a546794fa --- /dev/null +++ b/2025/24xxx/CVE-2025-24577.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24577", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24578.json b/2025/24xxx/CVE-2025-24578.json new file mode 100644 index 00000000000..a5bbfa3cc87 --- /dev/null +++ b/2025/24xxx/CVE-2025-24578.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24578", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24579.json b/2025/24xxx/CVE-2025-24579.json new file mode 100644 index 00000000000..b32a423c27a --- /dev/null +++ b/2025/24xxx/CVE-2025-24579.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24579", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24580.json b/2025/24xxx/CVE-2025-24580.json new file mode 100644 index 00000000000..9030b07dc65 --- /dev/null +++ b/2025/24xxx/CVE-2025-24580.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24580", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24581.json b/2025/24xxx/CVE-2025-24581.json new file mode 100644 index 00000000000..ba132fa6850 --- /dev/null +++ b/2025/24xxx/CVE-2025-24581.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24581", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24582.json b/2025/24xxx/CVE-2025-24582.json new file mode 100644 index 00000000000..121062a33a1 --- /dev/null +++ b/2025/24xxx/CVE-2025-24582.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24582", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24583.json b/2025/24xxx/CVE-2025-24583.json new file mode 100644 index 00000000000..28229dee9fd --- /dev/null +++ b/2025/24xxx/CVE-2025-24583.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24583", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24584.json b/2025/24xxx/CVE-2025-24584.json new file mode 100644 index 00000000000..87d3bff7502 --- /dev/null +++ b/2025/24xxx/CVE-2025-24584.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24584", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24585.json b/2025/24xxx/CVE-2025-24585.json new file mode 100644 index 00000000000..738aaf13b23 --- /dev/null +++ b/2025/24xxx/CVE-2025-24585.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24585", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24586.json b/2025/24xxx/CVE-2025-24586.json new file mode 100644 index 00000000000..b026eac4a76 --- /dev/null +++ b/2025/24xxx/CVE-2025-24586.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24586", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24587.json b/2025/24xxx/CVE-2025-24587.json new file mode 100644 index 00000000000..fba42199855 --- /dev/null +++ b/2025/24xxx/CVE-2025-24587.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24587", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24588.json b/2025/24xxx/CVE-2025-24588.json new file mode 100644 index 00000000000..0dc1044c98d --- /dev/null +++ b/2025/24xxx/CVE-2025-24588.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24588", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24589.json b/2025/24xxx/CVE-2025-24589.json new file mode 100644 index 00000000000..4cd41b7b1d3 --- /dev/null +++ b/2025/24xxx/CVE-2025-24589.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24589", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24590.json b/2025/24xxx/CVE-2025-24590.json new file mode 100644 index 00000000000..a25a9ed6469 --- /dev/null +++ b/2025/24xxx/CVE-2025-24590.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24590", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24591.json b/2025/24xxx/CVE-2025-24591.json new file mode 100644 index 00000000000..24e493831de --- /dev/null +++ b/2025/24xxx/CVE-2025-24591.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24591", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24592.json b/2025/24xxx/CVE-2025-24592.json new file mode 100644 index 00000000000..37dccd4dbb7 --- /dev/null +++ b/2025/24xxx/CVE-2025-24592.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24592", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24593.json b/2025/24xxx/CVE-2025-24593.json new file mode 100644 index 00000000000..2800a0cadde --- /dev/null +++ b/2025/24xxx/CVE-2025-24593.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24593", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24594.json b/2025/24xxx/CVE-2025-24594.json new file mode 100644 index 00000000000..dd7d420c8a7 --- /dev/null +++ b/2025/24xxx/CVE-2025-24594.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24594", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24595.json b/2025/24xxx/CVE-2025-24595.json new file mode 100644 index 00000000000..9c284358bfa --- /dev/null +++ b/2025/24xxx/CVE-2025-24595.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24595", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24596.json b/2025/24xxx/CVE-2025-24596.json new file mode 100644 index 00000000000..42daca96d6d --- /dev/null +++ b/2025/24xxx/CVE-2025-24596.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24596", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24783.json b/2025/24xxx/CVE-2025-24783.json new file mode 100644 index 00000000000..aa2a8645d27 --- /dev/null +++ b/2025/24xxx/CVE-2025-24783.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24783", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file