diff --git a/2023/41xxx/CVE-2023-41591.json b/2023/41xxx/CVE-2023-41591.json
index 8cc410b2476..fe86389f1fb 100644
--- a/2023/41xxx/CVE-2023-41591.json
+++ b/2023/41xxx/CVE-2023-41591.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-41591",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-41591",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.onosproject.org/pages/viewpage.action?pageId=16122675",
+ "refsource": "MISC",
+ "name": "https://wiki.onosproject.org/pages/viewpage.action?pageId=16122675"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/kjw6855/9764e3f51b89119473e4d2c4f64dca27",
+ "url": "https://gist.github.com/kjw6855/9764e3f51b89119473e4d2c4f64dca27"
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2905.json b/2024/2xxx/CVE-2024-2905.json
index d7b9d7b5496..ac0c6ff3018 100644
--- a/2024/2xxx/CVE-2024-2905.json
+++ b/2024/2xxx/CVE-2024-2905.json
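Review bot: The added `affects` block sets `vendor_name`, `product_name` and `version_value` to `"n/a"` although the new description names Open Network Foundation ONOS v2.7.0, so tooling that matches on the structured fields will not associate this record with ONOS. If the CNA can confirm them, carry the description's values into the structure, e.g. `"vendor_name": "Open Network Foundation"`, `"product_name": "ONOS"`, `"version_value": "2.7.0"`. The added `problemtype` value is also `"n/a"`, which leaves the record without a weakness class for triage. The same pattern appears in the CVE-2024-53423 hunk (ONOS v2.7.0) and the CVE-2025-29632 hunk (Free5gc v.4.0.0).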
@@ -35,6 +35,27 @@
 "vendor_name": "Red Hat",
 "product": {
 "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 10",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:2025.5-1.el10",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat Enterprise Linux 9",
 "version": {
@@ -97,7 +118,7 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "affected"
+ "defaultStatus": "unaffected"
 }
 }
 ]
@@ -111,6 +132,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://access.redhat.com/errata/RHBA-2025:4872",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHBA-2025:4872"
+ },
 {
 "url": "https://access.redhat.com/errata/RHSA-2024:3401",
 "refsource": "MISC",
diff --git a/2024/53xxx/CVE-2024-53423.json b/2024/53xxx/CVE-2024-53423.json
index 233e04d1917..b77067e4e3b 100644
--- a/2024/53xxx/CVE-2024-53423.json
+++ b/2024/53xxx/CVE-2024-53423.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-53423",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-53423",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.onosproject.org/pages/viewpage.action?pageId=16122675",
+ "refsource": "MISC",
+ "name": "https://wiki.onosproject.org/pages/viewpage.action?pageId=16122675"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/kjw6855/abeecc798d138b49537393e1fd3a5e96",
+ "url": "https://gist.github.com/kjw6855/abeecc798d138b49537393e1fd3a5e96"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29632.json b/2025/29xxx/CVE-2025-29632.json
index aad6e1c446b..9e7c71db190 100644
--- a/2025/29xxx/CVE-2025-29632.json
+++ b/2025/29xxx/CVE-2025-29632.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29632",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29632",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/free5gc/free5gc/issues/657",
+ "refsource": "MISC",
+ "name": "https://github.com/free5gc/free5gc/issues/657"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/OHnogood/CVE-2025-29632/",
+ "url": "https://github.com/OHnogood/CVE-2025-29632/"
 }
 ]
 }
diff --git a/2025/39xxx/CVE-2025-39407.json b/2025/39xxx/CVE-2025-39407.json
index 32c26313d62..25188e99c80 100644
--- a/2025/39xxx/CVE-2025-39407.json
+++ b/2025/39xxx/CVE-2025-39407.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caseproof, LLC Memberpress allows Reflected XSS.This issue affects Memberpress: from n/a through 1.11.37."
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caseproof, LLC Memberpress allows Reflected XSS.This issue affects Memberpress: from n/a before 1.12.0."
 }
 ]
 },
@@ -40,9 +40,24 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "n/a",
- "version_value": "1.11.37"
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "1.12.0",
+ "status": "unaffected"
+ }
+ ],
+ "lessThan": "1.12.0",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
 }
 ]
 }
@@ -68,6 +83,19 @@
 "source": {
 "discovery": "EXTERNAL"
 },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 1.12.0 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a01.12.0 or a higher version."
+ }
+ ],
 "credits": [
 {
 "lang": "en",
diff --git a/2025/46xxx/CVE-2025-46823.json b/2025/46xxx/CVE-2025-46823.json
index ac9f7c0ec11..149827364b6 100644
--- a/2025/46xxx/CVE-2025-46823.json
+++ b/2025/46xxx/CVE-2025-46823.json
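Review bot: The second hunk replaces the legacy `version_affected`/`version_value` pair with `"version_value": "not down converted"`, so a consumer that reads only the 4.0 fields no longer sees any affected range for Memberpress. The range now lives only under `x_cve_json_5_version_data` (`"lessThan": "1.12.0"`, `"status": "affected"`), and the bound moved from `<= 1.11.37` to before 1.12.0. Keeping a legacy-readable pair alongside it, `"version_affected": "<"` with `"version_value": "1.12.0"`, would preserve matching for scanners keyed on those fields. The enclosing product object starts and ends outside the hunk.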
@@ -1,18 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-46823",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862: Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "openmrs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "openmrs-module-fhir2",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 2.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openmrs/openmrs-module-fhir2/security/advisories/GHSA-g5vq-w8v2-4x9j",
+ "refsource": "MISC",
+ "name": "https://github.com/openmrs/openmrs-module-fhir2/security/advisories/GHSA-g5vq-w8v2-4x9j"
+ },
+ {
+ "url": "https://github.com/openmrs/openmrs-module-fhir2/releases/tag/2.5.0",
+ "refsource": "MISC",
+ "name": "https://github.com/openmrs/openmrs-module-fhir2/releases/tag/2.5.0"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-g5vq-w8v2-4x9j",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/48xxx/CVE-2025-48742.json b/2025/48xxx/CVE-2025-48742.json
index 44f9f6d0ef2..fce5338ef61 100644
--- a/2025/48xxx/CVE-2025-48742.json
+++ b/2025/48xxx/CVE-2025-48742.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The installer in SIGB PMB before 8.0.1.2 allows remote code execution."
+ "value": "The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution."
 }
 ]
 },
diff --git a/2025/5xxx/CVE-2025-5336.json b/2025/5xxx/CVE-2025-5336.json
new file mode 100644
index 00000000000..29d801c4c47
--- /dev/null
+++ b/2025/5xxx/CVE-2025-5336.json
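Review bot: In the added `version_data` entry of CVE-2025-46823, `"version_affected": "="` is paired with `"version_value": "< 2.5.0"`, so the comparison operator sits inside the value string and a parser that honours `version_affected` will look for a version literally named `< 2.5.0`. Putting the operator in its own field, `"version_affected": "<"` with `"version_value": "2.5.0"`, keeps the range machine-readable and agrees with the description's "prior to 2.5.0". The record describes a missing-authorization issue (CWE-862) in a medical-records API, so automated matching should not depend on free-text parsing of the value.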
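Review bot: The new CVE-2025-48742 description value, "before and fixed in v.8.0.1.2", is less clear than the line it replaces: "before" has lost its object, and the sentence can be read as saying the fixed release is itself affected. A wording such as `"value": "The installer in SIGB PMB before 8.0.1.2 allows remote code execution; the issue is fixed in 8.0.1.2."` states both the affected range and the fix. The `v.` prefix also makes the version harder to extract by pattern than the bare `8.0.1.2` used before.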
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-5336",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file