From 42c358f146bde8e73d31c9ba6659d6f7495ca63e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 18 Feb 2025 23:00:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/13xxx/CVE-2024-13743.json | 76 ++++++++++++++++++++++++++++++++--
2024/13xxx/CVE-2024-13888.json | 18 ++++++++
2024/56xxx/CVE-2024-56171.json | 56 ++++++++++++++++++++++---
2024/57xxx/CVE-2024-57254.json | 61 ++++++++++++++++++++++++---
2024/57xxx/CVE-2024-57255.json | 61 ++++++++++++++++++++++++---
2024/57xxx/CVE-2024-57256.json | 61 ++++++++++++++++++++++++---
2024/57xxx/CVE-2024-57258.json | 71 ++++++++++++++++++++++++++++---
2025/22xxx/CVE-2025-22919.json | 56 ++++++++++++++++++++++---
2025/22xxx/CVE-2025-22920.json | 61 ++++++++++++++++++++++++---
2025/22xxx/CVE-2025-22921.json | 56 ++++++++++++++++++++++---
2025/24xxx/CVE-2025-24928.json | 61 ++++++++++++++++++++++++---
2025/25xxx/CVE-2025-25467.json | 56 ++++++++++++++++++++++---
2025/25xxx/CVE-2025-25468.json | 61 ++++++++++++++++++++++++---
2025/25xxx/CVE-2025-25469.json | 61 ++++++++++++++++++++++++---
2025/25xxx/CVE-2025-25471.json | 61 ++++++++++++++++++++++++---
2025/25xxx/CVE-2025-25472.json | 56 ++++++++++++++++++++++---
2025/25xxx/CVE-2025-25473.json | 66 ++++++++++++++++++++++++++---
2025/25xxx/CVE-2025-25474.json | 56 ++++++++++++++++++++++---
2025/25xxx/CVE-2025-25475.json | 61 ++++++++++++++++++++++++---
2025/26xxx/CVE-2025-26624.json | 72 ++++++++++++++++++++++++++++++--
2025/27xxx/CVE-2025-27113.json | 62 +++++++++++++++++++++++++++
21 files changed, 1140 insertions(+), 110 deletions(-)
create mode 100644 2024/13xxx/CVE-2024-13888.json
create mode 100644 2025/27xxx/CVE-2025-27113.json
diff --git a/2024/13xxx/CVE-2024-13743.json b/2024/13xxx/CVE-2024-13743.json
index 904366f5637..db920db2d31 100644
--- a/2024/13xxx/CVE-2024-13743.json
+++ b/2024/13xxx/CVE-2024-13743.json
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13743", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wonderplugin_video shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wonderplugin", + "product": { + "product_data": [ + { + "product_name": "Wonder Video Embed", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97bd4897-c0c2-4819-aa25-942e256de9a3?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97bd4897-c0c2-4819-aa25-942e256de9a3?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wonderplugin-video-embed/trunk/app/class-wonderplugin-videoembed-widgetview.php#L232", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wonderplugin-video-embed/trunk/app/class-wonderplugin-videoembed-widgetview.php#L232" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/13xxx/CVE-2024-13888.json b/2024/13xxx/CVE-2024-13888.json new file mode 100644 index 00000000000..9df9a566451 --- /dev/null +++ b/2024/13xxx/CVE-2024-13888.json 
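Review bot: The `credits` entry added to the CVE-2024-13743 record is tagged `"lang": "en"`, while the description and problemtype entries in the same record use `"lang": "eng"`, so a consumer that filters on one language code will silently drop the other; the credit should read `"lang": "eng"` to match. Separately, the second reference links to `trunk/app/class-wonderplugin-videoembed-widgetview.php#L232`, and a line anchor on trunk stops pointing at the vulnerable code as soon as the file changes. A revision-pinned link would keep the evidence reproducible for anyone validating the advisory later.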
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13888", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56171.json b/2024/56xxx/CVE-2024-56171.json index e8ec45dd0ff..4ef087fdfef 100644 --- a/2024/56xxx/CVE-2024-56171.json +++ b/2024/56xxx/CVE-2024-56171.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-56171", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-56171", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828" } ] } diff --git a/2024/57xxx/CVE-2024-57254.json b/2024/57xxx/CVE-2024-57254.json index c3337807c73..9d2f62643fb 100644 --- a/2024/57xxx/CVE-2024-57254.json +++ b/2024/57xxx/CVE-2024-57254.json 
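Review bot: The structured fields of CVE-2024-56171 are published as `n/a` (vendor_name, product_name, version_value and the problemtype value) even though the description names libxml2, two fixed-version boundaries and a use-after-free, so scanners and SBOM matchers keyed on `affects` or `problemtype` will not match this record. The problemtype entry could carry `"value": "CWE-416 Use After Free", "cweId": "CWE-416"`, in the same form the CVE-2024-13743 record in this commit uses, and `product_name` could be `libxml2`. The same gap applies to every other record this commit moves to PUBLIC with `"ASSIGNER": "cve@mitre.org"` (CVE-2024-57254 through CVE-2025-25475 in the later hunks). Until those fields are enriched, triage has to rely on the free-text description and the linked references.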
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57254", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57254", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://source.denx.de/u-boot/u-boot/-/commit/c8e929e5758999933f9e905049ef2bf3fe6b140d", + "refsource": "MISC", + "name": "https://source.denx.de/u-boot/u-boot/-/commit/c8e929e5758999933f9e905049ef2bf3fe6b140d" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2025/02/17/2", + "url": "https://www.openwall.com/lists/oss-security/2025/02/17/2" } ] } diff --git a/2024/57xxx/CVE-2024-57255.json b/2024/57xxx/CVE-2024-57255.json index 68c4094cf3a..468be86dd20 100644 --- a/2024/57xxx/CVE-2024-57255.json +++ b/2024/57xxx/CVE-2024-57255.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57255", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57255", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://source.denx.de/u-boot/u-boot/-/commit/233945eba63e24061dffeeaeb7cd6fe985278356", + "refsource": "MISC", + "name": "https://source.denx.de/u-boot/u-boot/-/commit/233945eba63e24061dffeeaeb7cd6fe985278356" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2025/02/17/2", + "url": "https://www.openwall.com/lists/oss-security/2025/02/17/2" } ] } diff --git a/2024/57xxx/CVE-2024-57256.json b/2024/57xxx/CVE-2024-57256.json index 148ff322cea..44db566b440 100644 --- a/2024/57xxx/CVE-2024-57256.json +++ b/2024/57xxx/CVE-2024-57256.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57256", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57256", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://source.denx.de/u-boot/u-boot/-/commit/35f75d2a46e5859138c83a75cd2f4141c5479ab9", + "refsource": "MISC", + "name": "https://source.denx.de/u-boot/u-boot/-/commit/35f75d2a46e5859138c83a75cd2f4141c5479ab9" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2025/02/17/2", + "url": "https://www.openwall.com/lists/oss-security/2025/02/17/2" } ] } diff --git a/2024/57xxx/CVE-2024-57258.json b/2024/57xxx/CVE-2024-57258.json index 6b1d20a9140..10073f40e7a 100644 --- a/2024/57xxx/CVE-2024-57258.json +++ b/2024/57xxx/CVE-2024-57258.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57258", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57258", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://source.denx.de/u-boot/u-boot/-/commit/0a10b49206a29b4aa2f80233a3e53ca0466bb0b3", + "refsource": "MISC", + "name": "https://source.denx.de/u-boot/u-boot/-/commit/0a10b49206a29b4aa2f80233a3e53ca0466bb0b3" + }, + { + "url": "https://source.denx.de/u-boot/u-boot/-/commit/8642b2178d2c4002c99a0b69a845a48f2ae2706f", + "refsource": "MISC", + "name": "https://source.denx.de/u-boot/u-boot/-/commit/8642b2178d2c4002c99a0b69a845a48f2ae2706f" + }, + { + "url": "https://source.denx.de/u-boot/u-boot/-/commit/c17b2a05dd50a3ba437e6373093a0d6a359cdee0", + "refsource": "MISC", + "name": "https://source.denx.de/u-boot/u-boot/-/commit/c17b2a05dd50a3ba437e6373093a0d6a359cdee0" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2025/02/17/2", + "url": "https://www.openwall.com/lists/oss-security/2025/02/17/2" } ] } diff --git a/2025/22xxx/CVE-2025-22919.json b/2025/22xxx/CVE-2025-22919.json index 6f80cc01287..278ba605d57 100644 --- a/2025/22xxx/CVE-2025-22919.json +++ b/2025/22xxx/CVE-2025-22919.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-22919", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-22919", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://trac.ffmpeg.org/ticket/11385", + "refsource": "MISC", + "name": "https://trac.ffmpeg.org/ticket/11385" } ] } diff --git a/2025/22xxx/CVE-2025-22920.json b/2025/22xxx/CVE-2025-22920.json index 2110176a852..c2091b2ec45 100644 --- a/2025/22xxx/CVE-2025-22920.json +++ b/2025/22xxx/CVE-2025-22920.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-22920", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-22920", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4bf784c0e5615c3f934e677d5de093a8be7da7ae", + "refsource": "MISC", + "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4bf784c0e5615c3f934e677d5de093a8be7da7ae" + }, + { + "url": "https://trac.ffmpeg.org/ticket/11389", + "refsource": "MISC", + "name": "https://trac.ffmpeg.org/ticket/11389" } ] } diff --git a/2025/22xxx/CVE-2025-22921.json b/2025/22xxx/CVE-2025-22921.json index c30e6282d06..59a8828d9fb 100644 --- a/2025/22xxx/CVE-2025-22921.json +++ b/2025/22xxx/CVE-2025-22921.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-22921", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-22921", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://trac.ffmpeg.org/ticket/11393", + "refsource": "MISC", + "name": "https://trac.ffmpeg.org/ticket/11393" } ] } diff --git a/2025/24xxx/CVE-2025-24928.json b/2025/24xxx/CVE-2025-24928.json index d337e712d97..662ec32b612 100644 --- a/2025/24xxx/CVE-2025-24928.json +++ b/2025/24xxx/CVE-2025-24928.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-24928", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-24928", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847" + }, + { + "url": "https://issues.oss-fuzz.com/issues/392687022", + "refsource": "MISC", + "name": "https://issues.oss-fuzz.com/issues/392687022" } ] } diff --git a/2025/25xxx/CVE-2025-25467.json b/2025/25xxx/CVE-2025-25467.json index f27a90a9c1b..cb4f908336c 100644 --- a/2025/25xxx/CVE-2025-25467.json +++ b/2025/25xxx/CVE-2025-25467.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25467", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25467", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient tracking and releasing of allocated used memory in libx264 git master allows attackers to execute arbitrary code via creating a crafted AAC file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://code.videolan.org/videolan/x264/-/issues/75", + "refsource": "MISC", + "name": "https://code.videolan.org/videolan/x264/-/issues/75" } ] } diff --git a/2025/25xxx/CVE-2025-25468.json b/2025/25xxx/CVE-2025-25468.json index 82ba36d0ef1..edee311fc99 100644 --- a/2025/25xxx/CVE-2025-25468.json +++ b/2025/25xxx/CVE-2025-25468.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25468", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25468", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://trac.ffmpeg.org/ticket/11415", + "refsource": "MISC", + "name": "https://trac.ffmpeg.org/ticket/11415" + }, + { + "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5873be583ada9e1fb887e2fe8dcfd4b12e0efcd", + "refsource": "MISC", + "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5873be583ada9e1fb887e2fe8dcfd4b12e0efcd" } ] } diff --git a/2025/25xxx/CVE-2025-25469.json b/2025/25xxx/CVE-2025-25469.json index cc2b952afcd..9219fd790cb 100644 --- a/2025/25xxx/CVE-2025-25469.json +++ b/2025/25xxx/CVE-2025-25469.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25469", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25469", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5873be583ada9e1fb887e2fe8dcfd4b12e0efcd", + "refsource": "MISC", + "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5873be583ada9e1fb887e2fe8dcfd4b12e0efcd" + }, + { + "url": "https://trac.ffmpeg.org/ticket/11416", + "refsource": "MISC", + "name": "https://trac.ffmpeg.org/ticket/11416" } ] } diff --git a/2025/25xxx/CVE-2025-25471.json b/2025/25xxx/CVE-2025-25471.json index 62933883e22..3e393fb652d 100644 --- a/2025/25xxx/CVE-2025-25471.json +++ b/2025/25xxx/CVE-2025-25471.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25471", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25471", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/fd1772b7475d0d5673a5dd314ee78443d0be4cf1", + "refsource": "MISC", + "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/fd1772b7475d0d5673a5dd314ee78443d0be4cf1" + }, + { + "url": "https://trac.ffmpeg.org/ticket/11417", + "refsource": "MISC", + "name": "https://trac.ffmpeg.org/ticket/11417" } ] } diff --git a/2025/25xxx/CVE-2025-25472.json b/2025/25xxx/CVE-2025-25472.json index bd164788cd5..92b4b7cc8a1 100644 --- a/2025/25xxx/CVE-2025-25472.json +++ b/2025/25xxx/CVE-2025-25472.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25472", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25472", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=410ffe2019b9db6a8f4036daac742a6f5e4d36c2", + "refsource": "MISC", + "name": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=410ffe2019b9db6a8f4036daac742a6f5e4d36c2" } ] } diff --git a/2025/25xxx/CVE-2025-25473.json b/2025/25xxx/CVE-2025-25473.json index 1fbbb337520..862c91b2098 100644 --- a/2025/25xxx/CVE-2025-25473.json +++ b/2025/25xxx/CVE-2025-25473.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25473", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25473", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/4f3c9f2f03378a08692a26532bc3146414717f8c..c08d300481b8ebb846cd43a473988fdbc6793d1b:/libavformat/avformat.c", + "refsource": "MISC", + "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/4f3c9f2f03378a08692a26532bc3146414717f8c..c08d300481b8ebb846cd43a473988fdbc6793d1b:/libavformat/avformat.c" + }, + { + "url": "https://trac.ffmpeg.org/ticket/11419", + "refsource": "MISC", + "name": "https://trac.ffmpeg.org/ticket/11419" + }, + { + "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c08d300481b8ebb846cd43a473988fdbc6793d1b", + "refsource": "MISC", + "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c08d300481b8ebb846cd43a473988fdbc6793d1b" } ] } 
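Review bot: The description of CVE-2025-25473 names `libavformat/mov.c` as the affected component, but the first reference in the same record is a blobdiff of `libavformat/avformat.c`, and the sentence is otherwise identical to the CVE-2025-25471 description apart from the commit id. That looks like text carried over from the sibling record; if the fix commit c08d30 only touches avformat.c, the value should end `via the component libavformat/avformat.c.` Anyone mapping this CVE to a patched file for backporting or detection should check the referenced commit rather than rely on the component named in the description.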
diff --git a/2025/25xxx/CVE-2025-25474.json b/2025/25xxx/CVE-2025-25474.json index 732dbcaf118..39d9c7a3e75 100644 --- a/2025/25xxx/CVE-2025-25474.json +++ b/2025/25xxx/CVE-2025-25474.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25474", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25474", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847", + "refsource": "MISC", + "name": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847" } ] } diff --git a/2025/25xxx/CVE-2025-25475.json b/2025/25xxx/CVE-2025-25475.json index 885c8b86805..879792b7208 100644 --- a/2025/25xxx/CVE-2025-25475.json +++ b/2025/25xxx/CVE-2025-25475.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25475", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25475", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245", + "refsource": "MISC", + "name": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245" + }, + { + "url": "https://github.com/DCMTK/dcmtk/commit/bffa3e9116abb7038b432443f16b1bd390e80245", + "refsource": "MISC", + "name": "https://github.com/DCMTK/dcmtk/commit/bffa3e9116abb7038b432443f16b1bd390e80245" } ] } diff --git a/2025/26xxx/CVE-2025-26624.json b/2025/26xxx/CVE-2025-26624.json index d1710172863..d4f004637db 100644 --- a/2025/26xxx/CVE-2025-26624.json +++ b/2025/26xxx/CVE-2025-26624.json 
@@ -1,18 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26624", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges (since the executable has been granted higher privileges during the time of launch) due to the ability to inject a malicious `cfgmgr32.dll` in the same directory as the executable and have it side load automatically. This is fixed in commit `74dfa49`, which will be part of version 4.7. Users are advised to upgrade as soon as version 4.7 becomes available. There are no known workarounds for this vulnerability." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-426: Untrusted Search Path", + "cweId": "CWE-426" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-427: Uncontrolled Search Path Element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pbatard", + "product": { + "product_data": [ + { + "product_name": "rufus", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pbatard/rufus/security/advisories/GHSA-p8p5-r296-g2jv", + "refsource": "MISC", + "name": "https://github.com/pbatard/rufus/security/advisories/GHSA-p8p5-r296-g2jv" + }, + { + "url": "https://github.com/pbatard/rufus/commit/74dfa49707fd626b58d776d3400295740a29e23e", + "refsource": "MISC", + "name": "https://github.com/pbatard/rufus/commit/74dfa49707fd626b58d776d3400295740a29e23e" + } + ] + }, + "source": { + "advisory": "GHSA-p8p5-r296-g2jv", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27113.json b/2025/27xxx/CVE-2025-27113.json new file mode 100644 index 00000000000..e9b2ff51c62 --- /dev/null +++ b/2025/27xxx/CVE-2025-27113.json 
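Review bot: In the `version_data` entry for rufus, `"version_affected": "="` is paired with `"version_value": "< 4.7"`, so the comparison operator is embedded in the value string while the operator field claims an exact match. A consumer that honours `version_affected` will look for a version literally named "< 4.7" and match nothing. This may be an artifact of down-converting the CNA's record, but the entry would be machine-usable as `"version_affected": "<"` with `"version_value": "4.7"`. The description states that 4.7 is not yet released and that 4.6.2208 and earlier are affected, which is consistent with that range.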
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-27113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861" + } + ] + } +} \ No newline at end of file