From 380732b1a0c479ce8870474547088d1a44725285 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 28 Jan 2025 22:00:54 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/29xxx/CVE-2024-29869.json | 87 ++++++++++++++++++--
 2024/55xxx/CVE-2024-55968.json | 61 ++++++++++++--
 2024/57xxx/CVE-2024-57376.json | 56 +++++++++++--
 2024/57xxx/CVE-2024-57514.json | 56 +++++++++++--
 2025/0xxx/CVE-2025-0785.json | 109 ++++++++++++++++++++++++-
 2025/0xxx/CVE-2025-0817.json | 18 ++++
 2025/0xxx/CVE-2025-0818.json | 18 ++++
 2025/22xxx/CVE-2025-22917.json | 56 +++++++++++--
 2025/24xxx/CVE-2025-24166.json | 145 +--------------------------------
 9 files changed, 430 insertions(+), 176 deletions(-)
 create mode 100644 2025/0xxx/CVE-2025-0817.json
 create mode 100644 2025/0xxx/CVE-2025-0818.json
diff --git a/2024/29xxx/CVE-2024-29869.json b/2024/29xxx/CVE-2024-29869.json
index b5505a5b32b..72ad11ed08e 100644
--- a/2024/29xxx/CVE-2024-29869.json
+++ b/2024/29xxx/CVE-2024-29869.json
@@ -1,18 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-29869",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file.\u00a0Users are recommended to upgrade to version 4.0.1, which fixes this issue."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-732 Incorrect Permission Assignment for Critical Resource",
+ "cweId": "CWE-732"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Hive",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.1.0",
+ "version_value": "4.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/apache/hive",
+ "refsource": "MISC",
+ "name": "https://github.com/apache/hive"
+ },
+ {
+ "url": "https://github.com/apache/hive/commit/20106e254527f7d71b2e34455c4322e14950c620",
+ "refsource": "MISC",
+ "name": "https://github.com/apache/hive/commit/20106e254527f7d71b2e34455c4322e14950c620"
+ },
+ {
+ "url": "https://issues.apache.org/jira/browse/HIVE-28134",
+ "refsource": "MISC",
+ "name": "https://issues.apache.org/jira/browse/HIVE-28134"
+ },
+ {
+ "url": "https://lists.apache.org/thread/h27ohpyrqf9w1m3c0tqr7x8jg59rcrv6",
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread/h27ohpyrqf9w1m3c0tqr7x8jg59rcrv6"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "defect": [
+ "HIVE-28134"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Andrea Cosentino"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/55xxx/CVE-2024-55968.json b/2024/55xxx/CVE-2024-55968.json
index 9478faceac0..ca3027666e9 100644
--- a/2024/55xxx/CVE-2024-55968.json
+++ b/2024/55xxx/CVE-2024-55968.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-55968",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-55968",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication (IPC). Specifically, the service does not verify the code requirements, entitlements, security flags, or version of any client attempting to establish a connection. This lack of proper logic validation allows malicious actors to exploit the service's methods via unauthorized client connections, and escalate privileges to root by abusing the DTConnectionHelperProtocol protocol's submitQuery method over an unauthorized XPC connection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Wi1DN00B/CVE-2024-55968",
+ "url": "https://github.com/Wi1DN00B/CVE-2024-55968"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/null-event/CVE-2024-55968",
+ "url": "https://github.com/null-event/CVE-2024-55968"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57376.json b/2024/57xxx/CVE-2024-57376.json
index fba497d60c3..a6afa80c755 100644
--- a/2024/57xxx/CVE-2024-57376.json
+++ b/2024/57xxx/CVE-2024-57376.json
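Review bot: The structured `affects` block is filled with `"n/a"` for vendor, product and version even though the description names DTEX DEC-M (DTEX Forwarder) 6.1.1, so scanners and asset-matching jobs that key on `vendor_name`/`product_name` will not associate this record with any installed software. `problemtype` is `"n/a"` as well, which leaves weakness-based filtering with nothing to match. Carrying the description's own values into the record, for example `"product_name": "DTEX DEC-M (DTEX Forwarder)"` and `"version_value": "6.1.1"`, would close that gap; until then consumers need a free-text match on the description. The same placeholder pattern appears in the hunks for CVE-2024-57376, CVE-2024-57514 and CVE-2025-22917.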
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57376",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57376",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.dlink.com/en/security-bulletin/",
+ "url": "https://www.dlink.com/en/security-bulletin/"
 }
 ]
 }
diff --git a/2024/57xxx/CVE-2024-57514.json b/2024/57xxx/CVE-2024-57514.json
index 9c8801edb82..7732aabfbaf 100644
--- a/2024/57xxx/CVE-2024-57514.json
+++ b/2024/57xxx/CVE-2024-57514.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57514",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57514",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL. This allows the attacker to inject malicious code into the page, executing JavaScript on the victim's browser, which could then be used for further malicious actions. The vulnerability was identified in the 1.0.6 Build 20231011 rel.85717(5553) version."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.zyenra.com/blog/xss-in-tplink-archer-a20.html",
+ "url": "https://www.zyenra.com/blog/xss-in-tplink-archer-a20.html"
 }
 ]
 }
diff --git a/2025/0xxx/CVE-2025-0785.json b/2025/0xxx/CVE-2025-0785.json
index 85c4c891ef9..d548ddd8aae 100644
--- a/2025/0xxx/CVE-2025-0785.json
+++ b/2025/0xxx/CVE-2025-0785.json
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-0785",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in ESAFENET CDG V5 and classified as problematic. This issue affects some unknown processing of the file /SysConfig.jsp. The manipulation of the argument help leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine problematische Schwachstelle wurde in ESAFENET CDG V5 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /SysConfig.jsp. Dank der Manipulation des Arguments help mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ESAFENET",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CDG",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "V5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.293909",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.293909"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.293909",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.293909"
+ },
+ {
+ "url": "https://vuldb.com/?submit.483338",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.483338"
+ },
+ {
+ "url": "https://github.com/Rain1er/report/blob/main/CDG/SysConfig.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Rain1er/report/blob/main/CDG/SysConfig.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "raindrop (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2025/0xxx/CVE-2025-0817.json b/2025/0xxx/CVE-2025-0817.json
new file mode 100644
index 00000000000..cf4331b57e7
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0817.json
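Review bot: `problemtype_data` lists `CWE-94` (Code Injection) next to `CWE-79`, while the description and the `impact.cvss` vectors (integrity-only impact, `UI:R` in the 3.x entries) describe a cross-site scripting issue in the `help` argument of /SysConfig.jsp. Tooling that triages on the most severe listed weakness would rank this LOW-scored record as code injection; if the second entry is only a parent-class mapping by the CNA, which is not visible from the hunk, the `CWE-94` description object should be dropped or consumers should prefer the CVSS data. The `"version": "2.0"` entry also carries no `baseSeverity`, unlike the 3.1 and 3.0 entries, so parsers must treat that key as optional.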
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0817",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0818.json b/2025/0xxx/CVE-2025-0818.json
new file mode 100644
index 00000000000..135d0f86506
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0818.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0818",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/22xxx/CVE-2025-22917.json b/2025/22xxx/CVE-2025-22917.json
index 31caf931382..65d17e60fbe 100644
--- a/2025/22xxx/CVE-2025-22917.json
+++ b/2025/22xxx/CVE-2025-22917.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-22917",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-22917",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A reflected cross-site scripting (XSS) vulnerability in Audemium ERP <=0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious payload into the 'type' parameter of list.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/timosarkar/vulnerabilities/blob/main/CVE-2025-22917/README.md",
+ "url": "https://github.com/timosarkar/vulnerabilities/blob/main/CVE-2025-22917/README.md"
 }
 ]
 }
diff --git a/2025/24xxx/CVE-2025-24166.json b/2025/24xxx/CVE-2025-24166.json
index 60eca0dad77..f7ff9191d73 100644
--- a/2025/24xxx/CVE-2025-24166.json
+++ b/2025/24xxx/CVE-2025-24166.json
@@ -5,154 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2025-24166",
 "ASSIGNER": "product-security@apple.com",
- "STATE": "PUBLIC"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "This issue was addressed through improved state management. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Processing maliciously crafted web content may lead to an unexpected process crash"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Apple",
- "product": {
- "product_data": [
- {
- "product_name": "macOS",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "unspecified",
- "version_value": "14.7"
- }
- ]
- }
- },
- {
- "product_name": "visionOS",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "unspecified",
- "version_value": "2.3"
- }
- ]
- }
- },
- {
- "product_name": "tvOS",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "unspecified",
- "version_value": "18.3"
- }
- ]
- }
- },
- {
- "product_name": "iPadOS",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "unspecified",
- "version_value": "17.7"
- }
- ]
- }
- },
- {
- "product_name": "watchOS",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "unspecified",
- "version_value": "11.3"
- }
- ]
- }
- },
- {
- "product_name": "iOS and iPadOS",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "unspecified",
- "version_value": "18.3"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://support.apple.com/en-us/122069",
- "refsource": "MISC",
- "name": "https://support.apple.com/en-us/122069"
- },
- {
- "url": "https://support.apple.com/en-us/122073",
- "refsource": "MISC",
- "name": "https://support.apple.com/en-us/122073"
- },
- {
- "url": "https://support.apple.com/en-us/122072",
- "refsource": "MISC",
- "name": "https://support.apple.com/en-us/122072"
- },
- {
- "url": "https://support.apple.com/en-us/122068",
- "refsource": "MISC",
- "name": "https://support.apple.com/en-us/122068"
- },
- {
- "url": "https://support.apple.com/en-us/122067",
- "refsource": "MISC",
- "name": "https://support.apple.com/en-us/122067"
- },
- {
- "url": "https://support.apple.com/en-us/122071",
- "refsource": "MISC",
- "name": "https://support.apple.com/en-us/122071"
- },
- {
- "url": "https://support.apple.com/en-us/122070",
- "refsource": "MISC",
- "name": "https://support.apple.com/en-us/122070"
- },
- {
- "url": "https://support.apple.com/en-us/122066",
- "refsource": "MISC",
- "name": "https://support.apple.com/en-us/122066"
+ "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ]
 }