"-Synchronized-Data."

CVE Team 2025-05-21 00:00:37 +00:00
parent f6d5bd9b67
commit 3e2fd3786c
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 461 additions and 15 deletions


@ -105,6 +105,27 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.16.0-8.el9_4.1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -162,6 +183,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:7077"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:8021",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:8021"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-12133",
"refsource": "MISC",


@ -105,6 +105,27 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.8.3-4.el9_4.2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -162,6 +183,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:7076"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:8020",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:8020"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-12243",
"refsource": "MISC",


@ -36,12 +36,20 @@
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 4",
"product_name": "Red Hat OpenShift Container Platform 4.18",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v4.18.0-202505150334.p0.g75bc164.assembly.stream.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
@ -56,6 +64,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2025:7863",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:7863"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-6538",
"refsource": "MISC",
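Review bot: The version added for OpenShift Container Platform 4.18, `v4.18.0-202505150334.p0.g75bc164.assembly.stream.el9`, is labelled `"versionType": "rpm"` but has a `v` prefix and no epoch, unlike the `0:4.16.0-8.el9_4.1` style used in the other Red Hat records on this page. It looks like a container build tag rather than an rpm version-release string (inferred from its shape only), so a scanner that applies rpm version ordering to the `"lessThan": "*"` range may sort it incorrectly. Consumers should confirm how their matcher handles this value before trusting the `unaffected` result. The first hunk also appears to change `product_name` from "Red Hat OpenShift Container Platform 4" to "... 4.18", so rules keyed on the old product name will no longer find this entry.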


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser"
"value": "An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying it's Policy Rules. This enables the user to use Prisma Access Browser without any restrictions."
}
]
},
@ -137,7 +137,7 @@
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting CVE-2025-0129."
"value": "Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue."
}
]
}
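Review bot: The longer description value in the first hunk contains a possessive typo, `applying it's Policy Rules`, which should read `applying its Policy Rules`. The text would need correcting in the CNA's source record, since this repository only mirrors it. The visible lines also mix language tags, `"lang": "eng"` on the description and `"lang": "en"` on the credit, so a consumer that filters entries by language has to accept both forms.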


@ -1,17 +1,196 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5007",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of the component Profile Picture Feature. The manipulation of the argument attachment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.17.1 is able to address this issue. The identifier of the patch is 2c4f44e808500db19c391159b30cb6142896d415. It is recommended to upgrade the affected component."
},
{
"lang": "deu",
"value": "In Part-DB bis 1.17.0 wurde eine problematische Schwachstelle ausgemacht. Das betrifft die Funktion handleUpload der Datei src/Services/Attachments/AttachmentSubmitHandler.php der Komponente Profile Picture Feature. Dank der Manipulation des Arguments attachment mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.17.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 2c4f44e808500db19c391159b30cb6142896d415 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Part-DB",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "1.2"
},
{
"version_affected": "=",
"version_value": "1.3"
},
{
"version_affected": "=",
"version_value": "1.4"
},
{
"version_affected": "=",
"version_value": "1.5"
},
{
"version_affected": "=",
"version_value": "1.6"
},
{
"version_affected": "=",
"version_value": "1.7"
},
{
"version_affected": "=",
"version_value": "1.8"
},
{
"version_affected": "=",
"version_value": "1.9"
},
{
"version_affected": "=",
"version_value": "1.10"
},
{
"version_affected": "=",
"version_value": "1.11"
},
{
"version_affected": "=",
"version_value": "1.12"
},
{
"version_affected": "=",
"version_value": "1.13"
},
{
"version_affected": "=",
"version_value": "1.14"
},
{
"version_affected": "=",
"version_value": "1.15"
},
{
"version_affected": "=",
"version_value": "1.16"
},
{
"version_affected": "=",
"version_value": "1.17.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.309661",
"refsource": "MISC",
"name": "https://vuldb.com/?id.309661"
},
{
"url": "https://vuldb.com/?ctiid.309661",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.309661"
},
{
"url": "https://vuldb.com/?submit.580323",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.580323"
},
{
"url": "https://github.com/Part-DB/Part-DB-server/releases/tag/v1.17.1",
"refsource": "MISC",
"name": "https://github.com/Part-DB/Part-DB-server/releases/tag/v1.17.1"
},
{
"url": "https://github.com/b1d0ws/CVEs/blob/main/CVE-2025-XXXX.md",
"refsource": "MISC",
"name": "https://github.com/b1d0ws/CVEs/blob/main/CVE-2025-XXXX.md"
},
{
"url": "https://github.com/Part-DB/Part-DB-server/commit/2c4f44e808500db19c391159b30cb6142896d415",
"refsource": "MISC",
"name": "https://github.com/Part-DB/Part-DB-server/commit/2c4f44e808500db19c391159b30cb6142896d415"
}
]
},
"credits": [
{
"lang": "en",
"value": "b1d0ws (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}
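Review bot: The `version_data` list for Part-DB gives `1.0` through `1.16` and `1.17.0` as exact `"version_affected": "="` entries, while the description says "up to 1.17.0". A matcher that compares version strings literally would miss any patch release between the listed values (for example a 1.16.x build, if one exists), so consumers should treat everything below the fixed 1.17.1 as affected. `"vendor_name": "n/a"` further weakens automated product matching, and the reference `https://github.com/b1d0ws/CVEs/blob/main/CVE-2025-XXXX.md` still carries a placeholder file name that may stop resolving if the file is renamed. This record and the CVE-2025-5010 record further down both list CWE-94 (Code Injection) next to CWE-79 although their CVSS vectors only claim `I:L`, so triage rules keyed on CWE-94 would overstate these two cross-site scripting issues.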


@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5008",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in projectworlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_teacher.php. The manipulation of the argument e leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in projectworlds Online Time Table Generator 1.0 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /admin/add_teacher.php. Dank Manipulation des Arguments e mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "projectworlds",
"product": {
"product_data": [
{
"product_name": "Online Time Table Generator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.309662",
"refsource": "MISC",
"name": "https://vuldb.com/?id.309662"
},
{
"url": "https://vuldb.com/?ctiid.309662",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.309662"
},
{
"url": "https://vuldb.com/?submit.580412",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.580412"
},
{
"url": "https://github.com/hhhanxx/attack/issues/18",
"refsource": "MISC",
"name": "https://github.com/hhhanxx/attack/issues/18"
}
]
},
"credits": [
{
"lang": "en",
"value": "attackxuu (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}
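Review bot: The CVE-2025-5008 record names no fixed version, and its `reference_data` holds only three VulDB links and a third-party issue, so nothing in it tells a defender what to upgrade to. The vectors use `PR:N` for a file under `/admin/`; if that rating is accurate, the page is reachable without authentication, and deployments should restrict access to that path at the web server rather than rely on the application login. The description's closing remark that other parameters might be affected means that filtering only the argument `e` is not a sufficient mitigation. `CWE-74` is an ancestor class of `CWE-89` and adds nothing for triage.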


@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5010",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in moonlightL hexo-boot 4.3.0 entdeckt. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /admin/home/index.html der Komponente Blog Backend. Mit der Manipulation des Arguments Description mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "moonlightL",
"product": {
"product_data": [
{
"product_name": "hexo-boot",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.309663",
"refsource": "MISC",
"name": "https://vuldb.com/?id.309663"
},
{
"url": "https://vuldb.com/?ctiid.309663",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.309663"
},
{
"url": "https://vuldb.com/?submit.580567",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.580567"
},
{
"url": "https://github.com/trengh222/hexo-boot-xss1.0/blob/yhtt/README.md",
"refsource": "MISC",
"name": "https://github.com/trengh222/hexo-boot-xss1.0/blob/yhtt/README.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "trengh (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}