From 49b1903e82d194bf38e564776675a4001e9ec7c3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 15 Apr 2025 23:00:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/38xxx/CVE-2023-38994.json | 5 ++ 2023/46xxx/CVE-2023-46988.json | 2 +- 2024/22xxx/CVE-2024-22851.json | 5 ++ 2024/29xxx/CVE-2024-29500.json | 5 ++ 2024/29xxx/CVE-2024-29502.json | 5 ++ 2024/49xxx/CVE-2024-49200.json | 56 ++++++++++++++++++--- 2025/22xxx/CVE-2025-22911.json | 61 ++++++++++++++++++++--- 2025/25xxx/CVE-2025-25453.json | 61 ++++++++++++++++++++--- 2025/25xxx/CVE-2025-25458.json | 61 ++++++++++++++++++++--- 2025/32xxx/CVE-2025-32388.json | 86 ++++++++++++++++++++++++++++++-- 2025/32xxx/CVE-2025-32435.json | 91 ++++++++++++++++++++++++++++++++-- 2025/32xxx/CVE-2025-32782.json | 81 ++++++++++++++++++++++++++++-- 2025/36xxx/CVE-2025-36835.json | 18 +++++++ 2025/36xxx/CVE-2025-36836.json | 18 +++++++ 2025/36xxx/CVE-2025-36837.json | 18 +++++++ 2025/36xxx/CVE-2025-36838.json | 18 +++++++ 2025/36xxx/CVE-2025-36839.json | 18 +++++++ 2025/36xxx/CVE-2025-36840.json | 18 +++++++ 2025/36xxx/CVE-2025-36841.json | 18 +++++++ 2025/36xxx/CVE-2025-36842.json | 18 +++++++ 2025/36xxx/CVE-2025-36843.json | 18 +++++++ 2025/36xxx/CVE-2025-36844.json | 18 +++++++ 2025/3xxx/CVE-2025-3671.json | 18 +++++++ 2025/3xxx/CVE-2025-3672.json | 18 +++++++ 24 files changed, 698 insertions(+), 37 deletions(-) create mode 100644 2025/36xxx/CVE-2025-36835.json create mode 100644 2025/36xxx/CVE-2025-36836.json create mode 100644 2025/36xxx/CVE-2025-36837.json create mode 100644 2025/36xxx/CVE-2025-36838.json create mode 100644 2025/36xxx/CVE-2025-36839.json create mode 100644 2025/36xxx/CVE-2025-36840.json create mode 100644 2025/36xxx/CVE-2025-36841.json create mode 100644 2025/36xxx/CVE-2025-36842.json create mode 100644 2025/36xxx/CVE-2025-36843.json create mode 100644 2025/36xxx/CVE-2025-36844.json create mode 100644 2025/3xxx/CVE-2025-3671.json create mode 100644 2025/3xxx/CVE-2025-3672.json diff --git a/2023/38xxx/CVE-2023-38994.json b/2023/38xxx/CVE-2023-38994.json index 14dadf7eed1..9d3e4c42895 100644 --- a/2023/38xxx/CVE-2023-38994.json +++ b/2023/38xxx/CVE-2023-38994.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0", "url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0" + }, + { + "refsource": "MISC", + "name": "https://raeph123.github.io/BlogPosts/Univention/Simple_yet_effective_The_story_of_some_simple_bugs_that_led_to_the_complete_compromise_of_a_network_en.html", + "url": "https://raeph123.github.io/BlogPosts/Univention/Simple_yet_effective_The_story_of_some_simple_bugs_that_led_to_the_complete_compromise_of_a_network_en.html" } ] }, diff --git a/2023/46xxx/CVE-2023-46988.json b/2023/46xxx/CVE-2023-46988.json index 4ee4cd942bb..ad63ead7032 100644 --- a/2023/46xxx/CVE-2023-46988.json +++ b/2023/46xxx/CVE-2023-46988.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and before allows a remote attacker to obtain sensitive information via a crafted file upload." + "value": "Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service (DoS)." } ] }, diff --git a/2024/22xxx/CVE-2024-22851.json b/2024/22xxx/CVE-2024-22851.json index ce99520d5cf..139eb3d1bda 100644 --- a/2024/22xxx/CVE-2024-22851.json +++ b/2024/22xxx/CVE-2024-22851.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://www.liveconfig.com/de/kb/cve/cve-2024-22851/", "url": "https://www.liveconfig.com/de/kb/cve/cve-2024-22851/" + }, + { + "refsource": "MISC", + "name": "https://raeph123.github.io/BlogPosts/LiveConfig/LiveConfig_Advisory_CVE-2024-22851_en.html", + "url": "https://raeph123.github.io/BlogPosts/LiveConfig/LiveConfig_Advisory_CVE-2024-22851_en.html" } ] } diff --git a/2024/29xxx/CVE-2024-29500.json b/2024/29xxx/CVE-2024-29500.json index 06ff4ddb183..b2b8bdb5215 100644 --- a/2024/29xxx/CVE-2024-29500.json +++ b/2024/29xxx/CVE-2024-29500.json @@ -56,6 +56,11 @@ "url": "https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening", "refsource": "MISC", "name": "https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening" + }, + { + "refsource": "MISC", + "name": "https://raeph123.github.io/BlogPosts/inteset/Inteset_Secure_Lockdown_Multi_Application_Edition_-_Vulnerabilities_and_Hardening_Measures_en.html", + "url": "https://raeph123.github.io/BlogPosts/inteset/Inteset_Secure_Lockdown_Multi_Application_Edition_-_Vulnerabilities_and_Hardening_Measures_en.html" } ] } diff --git a/2024/29xxx/CVE-2024-29502.json b/2024/29xxx/CVE-2024-29502.json index a20615f60c4..7643b8dfd19 100644 --- a/2024/29xxx/CVE-2024-29502.json +++ b/2024/29xxx/CVE-2024-29502.json @@ -56,6 +56,11 @@ "url": "https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening", "refsource": "MISC", "name": "https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening" + }, + { + "refsource": "MISC", + "name": "https://raeph123.github.io/BlogPosts/inteset/Inteset_Secure_Lockdown_Multi_Application_Edition_-_Vulnerabilities_and_Hardening_Measures_en.html", + "url": "https://raeph123.github.io/BlogPosts/inteset/Inteset_Secure_Lockdown_Multi_Application_Edition_-_Vulnerabilities_and_Hardening_Measures_en.html" } ] } diff --git a/2024/49xxx/CVE-2024-49200.json b/2024/49xxx/CVE-2024-49200.json index ed7e416f335..7defc221ba0 100644 --- a/2024/49xxx/CVE-2024-49200.json +++ b/2024/49xxx/CVE-2024-49200.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-49200", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-49200", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. A potential DXE memory corruption vulnerability has been identified. The root cause is use of a pointer originating from the value of an NVRAM variable as the target of a write operation. This can be leveraged by an attacker to perform arbitrary writes, potentially leading to arbitrary code execution. The issue has been fixed in kernel 5.2, Version 05.29.44; kernel 5.3, Version 05.38.44; kernel 5.4, Version 05.46.44; kernel 5.5, Version 05.54.44; kernel 5.6, Version 05.61.44; and kernel 5.7, Version 05.70.44." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.insyde.com/security-pledge/SA-2024015", + "url": "https://www.insyde.com/security-pledge/SA-2024015" } ] } diff --git a/2025/22xxx/CVE-2025-22911.json b/2025/22xxx/CVE-2025-22911.json index 992e7817dca..5012e4e7251 100644 --- a/2025/22xxx/CVE-2025-22911.json +++ b/2025/22xxx/CVE-2025-22911.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-22911", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-22911", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formiNICbasicREP function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xyqer1/RE11S_1.11-formiNICbasicREP-StackOverflow", + "refsource": "MISC", + "name": "https://github.com/xyqer1/RE11S_1.11-formiNICbasicREP-StackOverflow" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/xyqer1/6145c00a51093baad7ab5b8293a06e80", + "url": "https://gist.github.com/xyqer1/6145c00a51093baad7ab5b8293a06e80" } ] } diff --git a/2025/25xxx/CVE-2025-25453.json b/2025/25xxx/CVE-2025-25453.json index 130166964a7..8d0cc40caa2 100644 --- a/2025/25xxx/CVE-2025-25453.json +++ b/2025/25xxx/CVE-2025-25453.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25453", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25453", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-serviceName2-StackOverflow", + "refsource": "MISC", + "name": "https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-serviceName2-StackOverflow" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/xyqer1/84dc6d8b3f92597d1d597b2799c2c45f", + "url": "https://gist.github.com/xyqer1/84dc6d8b3f92597d1d597b2799c2c45f" } ] } diff --git a/2025/25xxx/CVE-2025-25458.json b/2025/25xxx/CVE-2025-25458.json index 7f1ac555e10..005da778eee 100644 --- a/2025/25xxx/CVE-2025-25458.json +++ b/2025/25xxx/CVE-2025-25458.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25458", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25458", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-serverName2-StackOverflow", + "refsource": "MISC", + "name": "https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-serverName2-StackOverflow" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/xyqer1/d195ea1eb37ba1cc5f709b1d4fc1a2c6", + "url": "https://gist.github.com/xyqer1/d195ea1eb37ba1cc5f709b1d4fc1a2c6" } ] } diff --git a/2025/32xxx/CVE-2025-32388.json b/2025/32xxx/CVE-2025-32388.json index 4f880bdc136..7a0d3ae48f4 100644 --- a/2025/32xxx/CVE-2025-32388.json +++ b/2025/32xxx/CVE-2025-32388.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-32388", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can exploit it by crafting a malicious URL and getting a user to click a link with said URL. This vulnerability is fixed in 2.20.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "sveltejs", + "product": { + "product_data": [ + { + "product_name": "kit", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 2.0.0, < 2.20.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sveltejs/kit/security/advisories/GHSA-6q87-84jw-cjhp", + "refsource": "MISC", + "name": "https://github.com/sveltejs/kit/security/advisories/GHSA-6q87-84jw-cjhp" + }, + { + "url": "https://github.com/sveltejs/kit/commit/d3300c6a67908590266c363dba7b0835d9a194cf", + "refsource": "MISC", + "name": "https://github.com/sveltejs/kit/commit/d3300c6a67908590266c363dba7b0835d9a194cf" + }, + { + "url": "https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.20.6", + "refsource": "MISC", + "name": "https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.20.6" + } + ] + }, + "source": { + "advisory": "GHSA-6q87-84jw-cjhp", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/32xxx/CVE-2025-32435.json b/2025/32xxx/CVE-2025-32435.json index 7bd7053c4c4..c4393bf02c8 100644 --- a/2025/32xxx/CVE-2025-32435.json +++ b/2025/32xxx/CVE-2025-32435.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-32435", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users respectively." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + "cweId": "CWE-95" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NixOS", + "product": { + "product_data": [ + { + "product_name": "hydra", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 8d750265135b7e203520036a742afdf301b4013f" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/NixOS/hydra/security/advisories/GHSA-j7w7-965w-vjxw", + "refsource": "MISC", + "name": "https://github.com/NixOS/hydra/security/advisories/GHSA-j7w7-965w-vjxw" + }, + { + "url": "https://github.com/NixOS/nixpkgs/pull/397919", + "refsource": "MISC", + "name": "https://github.com/NixOS/nixpkgs/pull/397919" + }, + { + "url": "https://github.com/NixOS/hydra/commit/8d750265135b7e203520036a742afdf301b4013f", + "refsource": "MISC", + "name": "https://github.com/NixOS/hydra/commit/8d750265135b7e203520036a742afdf301b4013f" + }, + { + "url": "https://github.com/nix-community/nix-eval-jobs/releases/tag/v2.28.1", + "refsource": "MISC", + "name": "https://github.com/nix-community/nix-eval-jobs/releases/tag/v2.28.1" + } + ] + }, + "source": { + "advisory": "GHSA-j7w7-965w-vjxw", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 2.6, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/32xxx/CVE-2025-32782.json b/2025/32xxx/CVE-2025-32782.json index 55584780f62..fc40a73060d 100644 --- a/2025/32xxx/CVE-2025-32782.json +++ b/2025/32xxx/CVE-2025-32782.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-32782", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, virus scanners, and email previewers) may automatically follow these links, unintentionally confirming the account. This allows an attacker to register an account using another user\u2019s email and potentially have it auto-confirmed by the victim\u2019s email client. This does not allow attackers to take over or access existing accounts or private data. It is limited to account confirmation of new accounts only. This vulnerability is fixed in 4.7.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "team-alembic", + "product": { + "product_data": [ + { + "product_name": "ash_authentication", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/team-alembic/ash_authentication/security/advisories/GHSA-3988-q8q7-p787", + "refsource": "MISC", + "name": "https://github.com/team-alembic/ash_authentication/security/advisories/GHSA-3988-q8q7-p787" + }, + { + "url": "https://github.com/team-alembic/ash_authentication/commit/99ea38977fd4f421d2aaae0c2fb29f8e5f8f707d", + "refsource": "MISC", + "name": "https://github.com/team-alembic/ash_authentication/commit/99ea38977fd4f421d2aaae0c2fb29f8e5f8f707d" + } + ] + }, + "source": { + "advisory": "GHSA-3988-q8q7-p787", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/36xxx/CVE-2025-36835.json b/2025/36xxx/CVE-2025-36835.json new file mode 100644 index 00000000000..2619c32f733 --- /dev/null +++ b/2025/36xxx/CVE-2025-36835.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-36835", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/36xxx/CVE-2025-36836.json b/2025/36xxx/CVE-2025-36836.json new file mode 100644 index 00000000000..443f272870f --- /dev/null +++ b/2025/36xxx/CVE-2025-36836.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-36836", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/36xxx/CVE-2025-36837.json b/2025/36xxx/CVE-2025-36837.json new file mode 100644 index 00000000000..9a72e5a03a2 --- /dev/null +++ b/2025/36xxx/CVE-2025-36837.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-36837", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/36xxx/CVE-2025-36838.json b/2025/36xxx/CVE-2025-36838.json new file mode 100644 index 00000000000..88ab5af6cc0 --- /dev/null +++ b/2025/36xxx/CVE-2025-36838.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-36838", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/36xxx/CVE-2025-36839.json b/2025/36xxx/CVE-2025-36839.json new file mode 100644 index 00000000000..1ac2dc66c53 --- /dev/null +++ b/2025/36xxx/CVE-2025-36839.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-36839", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/36xxx/CVE-2025-36840.json b/2025/36xxx/CVE-2025-36840.json new file mode 100644 index 00000000000..3f940e9eaa7 --- /dev/null +++ b/2025/36xxx/CVE-2025-36840.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-36840", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/36xxx/CVE-2025-36841.json b/2025/36xxx/CVE-2025-36841.json new file mode 100644 index 00000000000..d5214318a78 --- /dev/null +++ b/2025/36xxx/CVE-2025-36841.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-36841", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/36xxx/CVE-2025-36842.json b/2025/36xxx/CVE-2025-36842.json new file mode 100644 index 00000000000..c803ce2b3c5 --- /dev/null +++ b/2025/36xxx/CVE-2025-36842.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-36842", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/36xxx/CVE-2025-36843.json b/2025/36xxx/CVE-2025-36843.json new file mode 100644 index 00000000000..547e68051be --- /dev/null +++ b/2025/36xxx/CVE-2025-36843.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-36843", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/36xxx/CVE-2025-36844.json b/2025/36xxx/CVE-2025-36844.json new file mode 100644 index 00000000000..fe752b9d2b4 --- /dev/null +++ b/2025/36xxx/CVE-2025-36844.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-36844", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3671.json b/2025/3xxx/CVE-2025-3671.json new file mode 100644 index 00000000000..295f5767313 --- /dev/null +++ b/2025/3xxx/CVE-2025-3671.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3671", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3672.json b/2025/3xxx/CVE-2025-3672.json new file mode 100644 index 00000000000..7f68eb22ce3 --- /dev/null +++ b/2025/3xxx/CVE-2025-3672.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3672", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file